Credential store using HashiCorp Vault
3 likes512 views
The document discusses HashiCorp Vault, which is a tool for securely managing secrets and sensitive data. It provides secure credential management and features like dynamic secrets, data encryption, leasing and key rotation, revocation, and audit controls. It integrates with databases, tools, and other systems. The presentation covers common challenges Vault aims to address, use cases, features, and includes a demo.
Credential store using HashiCorp Vault
- 2. MAYANK PATELMAYANK PATEL APPLICATION ARCHITECT @APPLICATION ARCHITECT @ / / OILDEXOILDEX Linkedin @maxy_ermayank Medium
- 3. SOFTWARE AS A SERVICE PROVIDER FOR OIL ANDSOFTWARE AS A SERVICE PROVIDER FOR OIL AND GAS COMPANIESGAS COMPANIES 7.5 Years OILDEXOILDEX
- 4. FOCUSED ONFOCUSED ON Streaming, Reactive, Non-blocking Architecture API Design DevOps Cloud Native Architecture Empowering so ware development teams Digital Transformation and Digital Optimization
- 5. AGENDAAGENDA Common Challenges Vault Use Cases & Features Demo
- 6. Common Challenges / Problems we are trying to solve?
- 7. Credentials stored & transmitted in Plaintext format
- 8. Credentials almost never get renewed once it is issued or manual renewal
- 9. No PKI Certificate Management
- 10. API Keys are hand generated and never renewed
- 11. No SSH Key storage
- 12. No Audit Control
- 13. No Kill Switch
- 14. Lack of automation for secrets deployment
- 15. MANY MORE...
- 16. How do we manage credentials in Cloud Native, Distributed Infrastructure ?
- 18. VAULT USE CASESVAULT USE CASES
- 19. Secure Credential Management on a Budget
- 20. VAULT FEATURESVAULT FEATURES Secure Secret Storage Dynamic Secrets (Secret as a Service) Data Encryption Leasing and Renewal (Key Rotation) Revocation Audit Control Integration with wide variety of Databases and Tools Custom Plugin
- 21. SECURE SECRET STORAGESECURE SECRET STORAGE Basic Credentials Tokens, TOTP PKI Certificate Management (It’s easy to be your own certificate authority) LDAP SSH Keys Handle SSH logins across the org. One time SSH access It increases the usefulness of audit logs during incident response ...
- 22. DYNAMIC SECRETSDYNAMIC SECRETS AWS Cassandra Consul Hana MariaDB MongoDB MSSQL MySQL Oracle PKI Certificates PostgreSQL RabbitMQ SSH Transit Custom..
- 23. WHY DYNAMIC SECRETS?WHY DYNAMIC SECRETS? Dynamic passwords provide a bunch of benefits
- 24. No need to write down, store, or share passwords
- 25. Enables very short lived passwords, less exposure if compromised
- 26. For distributed applications, every instance gets unique credentials
- 27. Constantly changing and expiring usernames/passwords are much harder to brute force
- 30. HTTP API/CLI
- 31. Integration consul-template Envconsul Native Client Libraries Integration with Ansible, Chef, Puppet, Salt, etc. HashiCorp Vault Jenkins plugin
- 33. RESOURCESRESOURCES Vault-Consul Docker Swarm Cluster Denver HashiCorp User Group Talk - Credential Store using Vault awesome-vault-tools Vault Demo Console
- 34. THANK YOU!THANK YOU! QUESTIONS?QUESTIONS? You can contact me at: / /Linkedin @maxy_ermayank Medium