What is HashiCorp Vault?
It is a cloud-agnostic secrets management system.
It is API-driven.
It allows you to safely store and manage sensitive data in hybrid cloud environments.
It is used to generate dynamic, short-lived credentials, or to encrypt application data on the fly.
What is a secret?
Usernames and passwords
Certificates
SSH Keys
API keys
Encryption keys
What problems does Vault solve?
Secrets sprawl
Below are some common places where secrets get stored:
On a developer's computer, in Excel or Notepad files.
Hard-coded into the source code.
On a sticky note under an engineer's keyboard.
In a version control system such as GitHub, sometimes exposed publicly.
Vault use cases
Secrets management
Centrally store, access, and distribute secrets.
Encrypting application data
Keep application data secure with centralized key management.
Identity-based Access
Authenticate and access different clouds, systems, and endpoints using trusted identities.
Secret management
KV Secrets Engine
The idea is to share secrets between the client and Vault. (A client could be a person, a machine user, or an application.)
The client makes a call to Vault at a specific path (in Vault, everything is path-based).
Vault checks the policies attached to the client's token to decide whether the client is authorized to read the secret at that path.
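To make the KV flow concrete, here is an added example (my own toy model, not HashiCorp's code) of the three steps above: secrets live under paths, a client presents a token, and Vault consults the policies attached to that token before returning anything. The store, policies and tokens are constructed sample data; the path-matching follows the rules Vault documents for policies (a trailing `*` is a prefix glob, `+` matches one path segment, the most specific matching rule wins, and `deny` overrides everything). With the real CLI this corresponds to `vault kv put secret/app/db username=app password=...` followed by `vault kv get secret/app/db`, where the kv version 2 API inserts `data/` into the path.

```python
"""Toy model of Vault's path-based KV authorization (added example, not
HashiCorp's code). Secrets live under paths, a client presents a token, and
the policies attached to that token decide what the client may read."""

# Constructed sample data. With the kv-v2 engine the API path is
# secret/data/<name> even though the CLI is typed as secret/<name>.
KV_STORE = {
    "secret/data/app/db": {"username": "app", "password": "s3cr3t-constructed"},
    "secret/data/app/api": {"key": "api-key-constructed"},
    "secret/data/ops/root-ca": {"pem": "-----BEGIN CERTIFICATE----- (constructed)"},
}

# Policies in the spirit of Vault's HCL: path "..." { capabilities = [...] }
POLICIES = {
    # The web app may read anything under its own prefix and nothing else.
    "webapp": [("secret/data/app/*", {"read"})],
    # Ops may manage every secret but is explicitly denied the CA material.
    "ops": [
        ("secret/data/*", {"create", "read", "update", "delete", "list"}),
        ("secret/data/ops/root-ca", {"deny"}),
    ],
}

# Tokens map to the policies attached at login; real Vault issues them
# through an auth method (userpass, AppRole, Kubernetes, ...).
TOKENS = {
    "tok-webapp-constructed": ["webapp"],
    "tok-ops-constructed": ["ops"],
}


def path_matches(rule: str, path: str) -> bool:
    """Vault-style matching: a trailing '*' is a prefix glob, '+' matches
    exactly one path segment, any other segment must be equal."""
    rule_segs, path_segs = rule.split("/"), path.split("/")
    for i, seg in enumerate(rule_segs):
        if seg.endswith("*"):  # glob: everything from here on is a prefix match
            return i < len(path_segs) and path_segs[i].startswith(seg[:-1])
        if i >= len(path_segs):
            return False
        if seg != "+" and seg != path_segs[i]:
            return False
    return len(rule_segs) == len(path_segs)


def allowed(token: str, path: str, capability: str) -> bool:
    """Resolve the capabilities for (token, path): exact rules beat globs,
    longer rules beat shorter ones, and 'deny' wins over any grant."""
    matches = []  # (specificity, capabilities) for every matching rule
    for policy in TOKENS.get(token, []):
        for rule, caps in POLICIES.get(policy, []):
            if path_matches(rule, path):
                exact = 0 if rule.endswith("*") or "+" in rule else 1
                matches.append(((exact, len(rule)), caps))
    if not matches:
        return False  # no policy mentions this path: implicit deny
    best = max(key for key, _ in matches)
    caps = set().union(*(c for key, c in matches if key == best))
    return "deny" not in caps and capability in caps


def read_secret(token: str, path: str):
    """Model of `vault kv get`: authorize first, then fetch. Returns None
    where Vault would answer 403 permission denied."""
    if not allowed(token, path, "read"):
        return None
    return KV_STORE.get(path)


if __name__ == "__main__":
    for tok in TOKENS:
        for p in KV_STORE:
            print(f"{tok:24} read {p:28} -> {read_secret(tok, p)}")
```

Run it and note that the ops token, despite its broad glob, cannot read `secret/data/ops/root-ca`: the exact `deny` rule is more specific than the glob, which is the behaviour to rely on when you carve exceptions out of a wide grant.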
Encrypting Application Data
Vault provides encryption as a service (EaaS) through its transit secrets engine.
After Vault has encrypted the application data, the web server can store the returned ciphertext in its database and use it later.
Vault does not store the data; it only passes the result back to the requesting client.
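The following is an added example (my own toy model, not HashiCorp's code) of the transit flow just described: the web server hands plaintext to Vault, gets back a ciphertext in Vault's `vault:v<version>:<base64>` wire format, stores only that in its database, and asks Vault to decrypt on demand. The keys never leave the engine object and it retains none of the client data. The cipher is a stand-in: an HMAC-SHA256 counter-mode stream with an HMAC tag, chosen only so the example runs with the standard library, where the real transit engine uses AES-256-GCM. Key rotation is modelled too, so you can see that ciphertexts made under an older key version still decrypt after a rotation. The key name, database and card number are constructed.

```python
"""Toy model of Vault's transit engine (encryption as a service). Added
example, not HashiCorp's code. Cipher is an HMAC-CTR + HMAC-tag stand-in
for the AES-256-GCM used by the real engine; the wire format matches."""
import base64
import hashlib
import hmac
import os


def _subkeys(master: bytes):
    """Derive separate encryption and MAC keys from one key version."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for AES-CTR)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


class TransitEngine:
    """Named, versioned keys that never leave this object. Callers only
    ever exchange plaintext for ciphertext or the reverse."""

    def __init__(self):
        self._keys = {}           # key name -> {version: 32-byte key}
        self.stored_plaintexts = 0  # stays 0: transit keeps no client data

    def create_key(self, name: str):
        self._keys[name] = {1: os.urandom(32)}

    def rotate_key(self, name: str):
        """`vault write -f transit/keys/<name>/rotate`: new version for new writes."""
        versions = self._keys[name]
        versions[max(versions) + 1] = os.urandom(32)

    def encrypt(self, name: str, plaintext: bytes) -> str:
        versions = self._keys[name]
        version = max(versions)                 # always encrypt with the latest
        enc_key, mac_key = _subkeys(versions[version])
        nonce = os.urandom(12)
        body = nonce + _keystream_xor(enc_key, nonce, plaintext)
        tag = hmac.new(mac_key, body, hashlib.sha256).digest()
        # Same wire format as Vault: "vault:v<key version>:<base64>"
        return f"vault:v{version}:" + base64.b64encode(body + tag).decode()

    def decrypt(self, name: str, ciphertext: str) -> bytes:
        prefix, version, blob = ciphertext.split(":", 2)
        if prefix != "vault" or not version.startswith("v"):
            raise ValueError("not a transit ciphertext")
        master = self._keys[name][int(version[1:])]  # old versions still decrypt
        enc_key, mac_key = _subkeys(master)
        raw = base64.b64decode(blob)
        body, tag = raw[:-32], raw[-32:]
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("ciphertext tampered with or wrong key")
        return _keystream_xor(enc_key, body[:12], body[12:])


def web_server_flow() -> dict:
    """The flow from the text: encrypt via Vault, store only the ciphertext,
    rotate the key, decrypt later, and check tampering is caught."""
    vault = TransitEngine()
    vault.create_key("orders")
    database = {}                                   # constructed stand-in DB
    card = b"4111-1111-1111-1111 constructed"

    database["order-42"] = vault.encrypt("orders", card)      # ciphertext only
    vault.rotate_key("orders")                                # v2 from here on
    database["order-43"] = vault.encrypt("orders", b"second record constructed")

    prefix, ver, blob = database["order-42"].split(":", 2)
    flipped = blob[:5] + ("B" if blob[5] == "A" else "A") + blob[6:]
    try:
        vault.decrypt("orders", f"{prefix}:{ver}:{flipped}")
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "db_holds_plaintext": card in database["order-42"].encode(),
        "v1_still_decrypts": vault.decrypt("orders", database["order-42"]) == card,
        "version_prefixes": sorted(c.split(":")[1] for c in database.values()),
        "vault_retained": vault.stored_plaintexts,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(web_server_flow())
```

The design point to take from this is the split of responsibilities: the database holds material that is useless without Vault, Vault holds keys but no records, and a key rotation does not force a bulk re-encryption of existing rows because each ciphertext carries its key version.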
Basic Vault CLI commands
Running vault by itself prints a list of the Vault CLI commands, starting with the common ones.
$ vault
$ vault version # prints the version of Vault
$ vault read # used to read secrets from Vault
$ vault write # used to write secrets to Vault
$ vault write -h # the -h, -help and --help flags can be added to any Vault CLI command to get help for it