Creating secrets is easy, but managing them effectively is much more complex. Vault, a free and open source tool by HashiCorp, is popular for managing organizational secrets.
8. @sethvargo
RISING DATACENTER COMPLEXITY
[Diagram: boxes labeled DC, VM and C]
122. @sethvargo
Service Discovery
DNS interface is zero-touch - no application changes are required
HTTP API for modern applications returns rich metadata
Allows discovery of both internal and external services
126. @sethvargo
Health Checking
Integrates with the service discovery layer
DNS does not return results for unhealthy services or nodes
HTTP endpoints can list health and query by health
128. @sethvargo
KV Store
Highly available storage for configuration and feature flags
Feature flags without big CM processes
Supports blocking queries for "pushing" changes
Optional ACLs to protect sensitive information at paths
136. @sethvargo
Events, Exec, and Watches
Build powerful orchestration tools
Implement client-side leader election
Distributed locking and event system
All approaches proven to scale to thousands of agents
137. @sethvargo
$ consul event -name deploy 6DF7FE
# ...
$ consul watch -type event -name deploy /usr/bin/deploy.sh
# ...
$ consul exec -service web /usr/bin/deploy.sh
# ...
Terminal
138. @sethvargo
Security
Encrypt gossip traffic with shared key or keyring (UDP)
Encrypt HTTP traffic with TLS (TCP)
Advanced ACLs and a token-based system allow for massive scale
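
The three controls on the Security slide can be checked mechanically in an agent configuration. The following is an added example, not code from the slides or from the Consul project: a small audit of a JSON agent config that flags missing gossip encryption, TLS verification and ACL enforcement. It assumes the classic top-level TLS keys (verify_incoming, verify_outgoing, verify_server_hostname) and the `acl` block used by Consul 1.4 and later; the function name `audit` and both sample configs are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample agent configs (not from the slides).
WEAK = json.dumps({"datacenter": "dc1", "server": True})
HARDENED = json.dumps({
    "datacenter": "dc1",
    "server": True,
    "encrypt": base64.b64encode(bytes(range(32))).decode(),  # constructed key
    "verify_incoming": True,
    "verify_outgoing": True,
    "verify_server_hostname": True,
    "acl": {"enabled": True, "default_policy": "deny"},
})

def audit(config_text):
    """Return findings for the three controls listed on the Security slide."""
    cfg = json.loads(config_text)
    findings = []
    # 1. Gossip (UDP): shared key must be base64 of 16, 24 or 32 bytes (AES key sizes).
    key = cfg.get("encrypt")
    if not key:
        findings.append("gossip: no 'encrypt' key, gossip traffic is plaintext")
    else:
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) not in (16, 24, 32):
            findings.append("gossip: 'encrypt' is not a valid base64 key")
    # 2. HTTP/RPC (TCP): TLS verification must be switched on explicitly.
    for opt in ("verify_incoming", "verify_outgoing", "verify_server_hostname"):
        if cfg.get(opt) is not True:
            findings.append(f"tls: {opt} is not enabled")
    # 3. ACLs: enabled, and unauthenticated requests denied (Consul defaults to allow).
    acl = cfg.get("acl") or {}
    if not acl.get("enabled"):
        findings.append("acl: ACL system is not enabled")
    elif acl.get("default_policy", "allow") != "deny":
        findings.append("acl: default_policy is not 'deny'")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```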