Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© 2019 HashiCorp Dynamic Azure Credentials for Applications and CI/CD Pipelines SE Webinar - July 21st, 2020 Kawsar Kamal ...
Agenda ● Introductions (Brianna) - 5 ● Vault overview (Kawsar) - 10 ● Demo (Kawsar) - 20 ● Q/A (moderated by Brianna) - 15
Objectives ● Business driver: move to cloud while maintaining high security posture.
A generational transition is underway Traditional datacenter “Static” Modern datacenter “Dynamic” Dedicated infrastructure...
The HashiCorp Stack A control plane for every layer of the cloud operating model Run Development Cloud Application Automat...
Vault: Manage Secrets and Protect sensitive data *slide from HashiCorp corporate overview High Trust Long-lived IP, clear ...
Vault Manage Secrets and Protect sensitive Data Secrets management to centrally store and protect secrets across clouds an...
How Vault works
Azure plugins Dynamically generates Azure service principals along with role and group assignments. Or new password will b...
Dynamic credentials
Demo: Dynamic credentials
Terraform Enterprise Demo: Securing CI/CD Pipeline Version Control CI/CD Terraform IaC (*.tf) AKS Workspace
Key benefits ● Azure credentials are unique to each application instance - no password sharing. ● Cloud credentials have le...
Q/A
Resources Demo repository https://gitlab.com/kawsark/vault-azure-demo Azure Secrets Engine https://www.vaultproject.io/doc...
Upcoming SlideShare
Loading in …5
×

Dynamic Azure Credentials for Applications and CI/CD Pipelines

131 views

Published on

An important use-case for Vault is to provide short lived and least privileged Cloud credentials. In this webinar we will review specifically how Vault's Azure Secrets Engine can provide dynamic Azure credentials. We will cover details on how to configure the Azure Secrets Engine in Vault and use it in an application. If you are using Azure now or in the near future, join us for some patterns on maintaining a high security posture with Vault's dynamic credentials model!

Published in: Software
no profile picture user
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THE BOOK INTO AVAILABLE FORMAT (New Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download Full doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download PDF EBOOK here { https://urlzs.com/UABbn } ......................................................................................................................... Download EPUB Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... Download doc Ebook here { https://urlzs.com/UABbn } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THE can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THE is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBOOK .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, CookBOOK, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, EBOOK, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THE Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THE the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THE Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Dynamic Azure Credentials for Applications and CI/CD Pipelines

  1. 1. © 2019 HashiCorp Dynamic Azure Credentials for Applications and CI/CD Pipelines SE Webinar - July 21st, 2020 Kawsar Kamal - Staff Solution Engineer (http://kawsark.gitlab.io) Brianna DeLuca - Sr. Field Marketing Manager
  2. 2. Agenda ● Introductions (Brianna) - 5 ● Vault overview (Kawsar) - 10 ● Demo (Kawsar) - 20 ● Q/A (moderated by Brianna) - 15
  3. 3. Objectives ● Business driver: move to cloud while maintaining high security posture.
  4. 4. A generational transition is underway Traditional datacenter “Static” Modern datacenter “Dynamic” Dedicated infrastructure Private cloud SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT Public multi-cloud +
  5. 5. The HashiCorp Stack A control plane for every layer of the cloud operating model Run Development Cloud Application Automation Connect Networking Cloud Networking Automation Secure Security Cloud Security Automation Provision Operations Cloud Infrastructure Automation vSphere Various Hardware Identity: AD/LDAP Terraform EKS / ECS Lambda CloudApp/ AppMesh Identity: AWS IAM Cloud Formation AKS / ACS Azure Functions Proprietary Identity: Azure AD Resource Manager GKE Cloud Functions Proprietary Identity: GCP IAM Cloud Deployment Manager
  6. 6. Vault: Manage Secrets and Protect sensitive data *slide from HashiCorp corporate overview High Trust Long-lived IP, clear network perimeter. Low Trust No clear perimeter Mixed identities: Cloud, VMs, Container, Serverless Maintained by HashiCorp Written in Go Cloud agnostic Opensource community
  7. 7. Vault Manage Secrets and Protect sensitive Data Secrets management to centrally store and protect secrets across clouds and applications Data encryption to keep application data secure across environments and workloads Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure. 300+ Enterprise Customers 1M+ Monthly D/Ls 2T+ Transactions Trusted by:
  8. 8. How Vault works
  9. 9. Azure plugins Dynamically generates Azure service principals along with role and group assignments. Or new password will be dynamically generated for existing service principals. The azure auth method allows authentication against Vault using Azure credentials. Azure Auth Method Azure Secrets Engine
  10. 10. Dynamic credentials
  11. 11. Demo: Dynamic credentials
  12. 12. Terraform Enterprise Demo: Securing CI/CD Pipeline Version Control CI/CD Terraform IaC (*.tf) AKS Workspace
  13. 13. Key benefits ● Azure credentials are unique to each application instance - no password sharing. ● Cloud credentials have least privilege roles to limit blast radius. ● Cloud credentials are time bound so in case of a credential leak, the risk of it being valid is limited. ● Credentials can be audited to check which application instance retrieved a secret. ● Easy to revoke credentials if needed.
  14. 14. Q/A
  15. 15. Resources Demo repository https://gitlab.com/kawsark/vault-azure-demo Azure Secrets Engine https://www.vaultproject.io/docs/secrets/azure Blog post https://medium.com/hashicorp-engineering/onboarding-the-azure-secrets-engine-for-vault-f09d48c68b69?sour ce=friends_link&sk=59acf7d78362a48bf6cb039385776114 Azure Authentication Method https://www.vaultproject.io/docs/auth/azure Webinar Assets This will be emailed Vault 1.4 Blog post https://www.hashicorp.com/blog/vault-1-4/ Deploying Vault in Kubernetes https://www.vaultproject.io/docs/platform/k8s/helm/run Terraform for AKS https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/kubernetes Transform Secrets Engine wrapper https://github.com/kawsark/transform.py

×