Vault Agent and 0.11 Features
Copyright © 2018 HashiCorp

Overview
• Agent (OSS)
• Namespaces (Enterprise)
• ACL Path Templating (OSS)

Agent
• A new mode of operation for the Vault binary (‘vault agent’)
• Useful when a long-running client-side daemon is needed (vs. a single request)

Auto-Auth
• Automatically authenticates to Vault
• Keeps the token renewed and re-authenticates as needed
• Designed with robustness and fault/failure tolerance in mind
• Currently supports AliCloud, AWS, Azure, GCP, JWT, Kubernetes

Auto-Auth Design
• Components, in order of flow:
  • Auth Handler
  • Auth Method
  • Sink Server
  • Token Sinks

Auth Handler
• If there is no token, or the token is invalid, invokes the Auth Method for instructions on how to authenticate

Auth Method
• Returns information on how to perform the authentication
  • A ready-to-execute HTTP request: address, headers, params
• Very similar to the existing CLI helpers behind the ‘vault login’ commands
• Can optionally poke the Auth Handler to tell it that new credentials are available for use

Auth Handler
• Uses the Vault Go SDK’s Renewer primitive to keep the returned token renewed
• When the Renewer can no longer renew, asks the Auth Method to re-authenticate
• Passes the token to the Sink Server

Sink Server
• Responsible for fanning the token out to one or more Token Sinks, plus some special handling
• On failure, keeps re-attempting, with a backoff

Token Sinks
• Responsible for outputting a token somewhere
• Currently just “file”
• Eventually:
  • Socket?
  • API request?
  • Etc.

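The Auth Handler, Auth Method, Sink Server and Token Sink slides above describe one loop; as an added example (not HashiCorp's code and not the agent's real types), here it is modelled in Go. `LoginRequest`, `AuthMethod`, `AuthHandler`, `SinkServer`, `MemorySink` and the `s.token-N` values are names assumed for this model; `FakeVault` is a constructed stand-in for a server that refuses renewal after a fixed number of renews, which is exactly the condition that sends the handler back through the Auth Method.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// LoginRequest is the "ready-to-execute" login an Auth Method hands back: a path
// and parameters, but no token. (Example types, not Vault's own.)
type LoginRequest struct {
	Path   string
	Params map[string]string
}

// AuthMethod only describes how to log in; it never holds the resulting token.
type AuthMethod func() LoginRequest

// FakeVault is a constructed stand-in for a server: it issues tokens and lets the
// current one be renewed MaxRenews times before refusing, forcing a fresh login.
type FakeVault struct {
	MaxRenews, Issued, renewsLeft int
	current                       string
}

func (v *FakeVault) Login(req LoginRequest) (string, error) {
	if req.Path != "auth/jwt/login" || req.Params["jwt"] == "" {
		return "", errors.New("login rejected")
	}
	v.Issued++
	v.current, v.renewsLeft = fmt.Sprintf("s.token-%d", v.Issued), v.MaxRenews
	return v.current, nil
}

func (v *FakeVault) Renew(tok string) error {
	if tok != v.current || v.renewsLeft <= 0 {
		return errors.New("token can no longer be renewed")
	}
	v.renewsLeft--
	return nil
}

// Sink outputs a token somewhere. MemorySink records deliveries and, through
// FailFirst, fails its first N writes so the retry-with-backoff path is exercised.
type Sink interface{ Write(token string) error }

type MemorySink struct {
	FailFirst, Attempts int
	Tokens              []string
}

func (s *MemorySink) Write(token string) error {
	s.Attempts++
	if s.Attempts <= s.FailFirst {
		return errors.New("sink temporarily unavailable")
	}
	s.Tokens = append(s.Tokens, token)
	return nil
}

// SinkServer fans one token out to every sink, retrying each with exponential backoff.
type SinkServer struct {
	Sinks      []Sink
	MaxRetries int
	Backoff    time.Duration
}

func (s *SinkServer) Deliver(token string) error {
	for _, sink := range s.Sinks {
		wait, err := s.Backoff, sink.Write(token)
		for i := 0; err != nil && i < s.MaxRetries; i++ {
			time.Sleep(wait) // back off before the next attempt
			wait *= 2
			err = sink.Write(token)
		}
		if err != nil {
			return fmt.Errorf("giving up on sink: %w", err)
		}
	}
	return nil
}

// AuthHandler owns the token lifecycle: log in, keep renewing, re-auth when renewal fails.
type AuthHandler struct {
	Method AuthMethod
	Vault  *FakeVault
	Sinks  *SinkServer
	token  string
}

// Step is one renewal tick; it reports whether a fresh login was performed.
func (h *AuthHandler) Step() (bool, error) {
	if h.token != "" && h.Vault.Renew(h.token) == nil {
		return false, nil // still renewable, nothing else to do
	}
	// no token, or the renewer gave up: go back through the Auth Method
	tok, err := h.Vault.Login(h.Method())
	if err != nil {
		return false, err
	}
	h.token = tok
	return true, h.Sinks.Deliver(tok)
}
```

Calling `Step` repeatedly plays out the loop: the first tick logs in and fans the token out, later ticks renew, and once the server refuses renewal the handler re-authenticates and delivers the new token. A sink that never recovers surfaces as an error from `Deliver` rather than a silent drop, which is the failure you want to see in the agent's logs.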
Demo
• Simple test program:
  • Generates a signing key
  • Adds the JWT method to Vault and configures the allowed public keys
  • On each press of Enter, creates and writes a new JWT
• Agent:
  • Configured for the JWT flow
  • The JWT auth method watches for the new file, reads it, and deletes it
  • Authenticates to Vault
  • Keeps the token renewed / re-authenticates

Protecting Tokens
• Basics:
  • Drop the token file onto a ramdisk (preferably encrypted)
  • Use filesystem permissions
• Agent has a few options for additional protection; see the docs

Namespaces
• Vaults within Vault(s) (within Vault(s))
• Partitions areas of Vault off into nearly fully separate instances

Namespace hierarchy (diagram slides): Root → Teams + Groups → Application/Users

• Shared:
• Underlying encryption keys
• Replication*
• Per-namespace:
• Mounts / Plugins
• Policies
• Tokens
• Leases
• Identities
Namespaces
Namespaces
• Control flows down from the root to the leaves
• Parent namespaces can be given privileges in child namespaces via:
  • Direct ACL path-capability grants
  • Identity groups
• Every request executes in the context of the most specific containing namespace
• Policies always operate at their own namespace

Namespaces
• Namespaces get their own versions of the special mounts
  • Cubbyhole, Sys, Identity

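An added example in Go, not Vault's implementation, of the two rules stated on the namespace slides above: requests resolve to the most specific containing namespace, and control flows only downward. `Tree`, `Namespace`, `Resolve`, `IsAncestor` and `LookupPolicy` are names assumed for this model, and only the per-namespace policy store is modelled. It shows why `team-a/app1/` captures `team-a/app1/secret/db` but not `team-a/app12/...`, and why a policy stored in `team-a/` is not found when a request lands in `team-a/app1/`.

```go
package main

import "strings"

// Namespace carries the per-namespace state the slides list (policies, mounts,
// tokens, leases, identities); only policies are modelled here. Example types,
// not Vault's internals.
type Namespace struct {
	Path     string            // "" for root, otherwise a trailing-slash path like "team-a/app1/"
	Policies map[string]string // policy name -> policy body, scoped to this namespace
}

// Tree is the set of namespaces known to this Vault.
type Tree struct{ byPath map[string]*Namespace }

func NewTree(paths ...string) *Tree {
	t := &Tree{byPath: map[string]*Namespace{"": {Policies: map[string]string{}}}}
	for _, p := range paths {
		t.byPath[p] = &Namespace{Path: p, Policies: map[string]string{}}
	}
	return t
}

// Resolve implements "every request executes in the context of the most specific
// containing namespace": the longest matching prefix wins, and the path is
// returned relative to that namespace. Because prefixes end in "/",
// "team-a/app1/" does not capture "team-a/app12/x".
func (t *Tree) Resolve(requestPath string) (*Namespace, string) {
	best := t.byPath[""]
	for p, ns := range t.byPath {
		if p != "" && strings.HasPrefix(requestPath, p) && len(p) > len(best.Path) {
			best = ns
		}
	}
	return best, strings.TrimPrefix(requestPath, best.Path)
}

// IsAncestor is the "control flows down from the root to the leaves" rule: a
// namespace may be granted reach into its descendants, never into its parents.
func (t *Tree) IsAncestor(parent, child string) bool {
	_, pok := t.byPath[parent]
	_, cok := t.byPath[child]
	return pok && cok && parent != child && strings.HasPrefix(child, parent)
}

// LookupPolicy resolves the request, then reads the policy from that namespace's
// own store, never from a sibling or a parent.
func (t *Tree) LookupPolicy(requestPath, name string) (string, bool) {
	ns, _ := t.Resolve(requestPath)
	body, ok := ns.Policies[name]
	return body, ok
}
```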
Namespaces
• Demo time!

ACL Policy Path Templating
• Allows templating Identity values into ACL policy paths
• Easiest to show in a demo…

ACL Policy Path Templating
• Demo time!

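Since the slides leave path templating to the demo, here is an added Go example of the idea, not Vault's own templating or policy engine: one policy stanza whose path contains an identity placeholder is rendered per caller, so a single rule such as `secret/data/users/{{identity.entity.name}}/*` confines every entity to its own subtree. The placeholder forms `{{identity.entity.id}}`, `{{identity.entity.name}}` and `{{identity.groups.names.<name>.id}}` are the ones Vault documents; `Identity`, `Rule`, `RenderPath` and `Allowed` are names assumed here, and treating an unresolvable placeholder (or an empty entity name) as a hard error, plus matching a trailing `*` as a prefix glob, are this example's simplifications.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Identity carries the values a templated policy may reference. Example code
// modelling the feature described above, not Vault's own templating engine.
type Identity struct {
	EntityID, EntityName string
	Groups               map[string]string // group name -> group id
}

// Rule is one path stanza of a policy, before templating.
type Rule struct {
	Path         string
	Capabilities []string
}

var placeholder = regexp.MustCompile(`\{\{\s*([A-Za-z0-9_.-]+)\s*\}\}`)

// RenderPath substitutes identity values for {{identity.entity.id}},
// {{identity.entity.name}} and {{identity.groups.names.<name>.id}}. A
// placeholder that cannot be resolved (unknown key, or an empty value such as a
// token with no entity) is an error, so a rule never silently becomes a literal
// path that some other caller could match.
func RenderPath(tmpl string, id Identity) (string, error) {
	var firstErr error
	out := placeholder.ReplaceAllStringFunc(tmpl, func(m string) string {
		key := placeholder.FindStringSubmatch(m)[1]
		switch {
		case key == "identity.entity.id" && id.EntityID != "":
			return id.EntityID
		case key == "identity.entity.name" && id.EntityName != "":
			return id.EntityName
		case strings.HasPrefix(key, "identity.groups.names.") && strings.HasSuffix(key, ".id"):
			name := strings.TrimSuffix(strings.TrimPrefix(key, "identity.groups.names."), ".id")
			if gid, ok := id.Groups[name]; ok && gid != "" {
				return gid
			}
		}
		if firstErr == nil {
			firstErr = fmt.Errorf("unresolvable template parameter %q", key)
		}
		return m
	})
	return out, firstErr
}

// pathMatches: exact match, or a trailing "*" acts as a prefix glob.
func pathMatches(rulePath, reqPath string) bool {
	if strings.HasSuffix(rulePath, "*") {
		return strings.HasPrefix(reqPath, strings.TrimSuffix(rulePath, "*"))
	}
	return rulePath == reqPath
}

// Allowed renders every rule for the caller's identity and reports whether the
// requested capability on reqPath is granted by any of them.
func Allowed(rules []Rule, id Identity, reqPath, capability string) (bool, error) {
	for _, r := range rules {
		p, err := RenderPath(r.Path, id)
		if err != nil {
			return false, err
		}
		if !pathMatches(p, reqPath) {
			continue
		}
		for _, c := range r.Capabilities {
			if c == capability {
				return true, nil
			}
		}
	}
	return false, nil
}
```

The payoff is operational: instead of one policy per user or team, one templated policy follows the identity, and a caller whose identity lacks the referenced value (no entity, not in the group) gets a deny with a clear reason rather than an accidental match.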
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 

Vault Agent and Vault 0.11 features

  • 1. Copyright © 2018 HashiCorp. Vault Agent and 0.11 Features
  • 2. Overview
    • Agent (OSS)
    • Namespaces (Enterprise)
    • ACL Path Templating (OSS)
  • 3. Overview
    • Agent (OSS)
    • Namespaces (Enterprise)
    • ACL Path Templating (OSS)
  • 4. Agent
    • New mode of operation for the Vault binary (‘vault agent’)
    • Useful when a client-side daemon is needed (vs. a single request)
  • 5. Auto-Auth
    • Automatically authenticates to Vault
    • Keeps the token renewed, re-authenticates as needed
    • Designed with robustness and fault/failure tolerance in mind
    • Currently supports AliCloud, AWS, Azure, GCP, JWT, Kubernetes
  • 6. Auto-Auth Design
    • In terms of flow:
      • Auth Handler
      • Auth Method
      • Sink Server
      • Token Sinks
  • 7. Auth Handler
    • If there is no token, or the token is invalid, invokes the Auth Method for instructions on how to authenticate
  • 8. Auth Method
    • Returns information on how to perform the authentication
    • Ready-to-execute HTTP request: address, headers, params
    • Very similar to the existing CLI helpers for vault login commands
    • Can optionally poke the Auth Handler to tell it that new credentials are available for use
  • 9. Auth Handler
    • Uses the Vault Go SDK’s Renewer primitive to keep the returned token renewed
    • When the Renewer can no longer renew, asks the Auth Method to reauthenticate
    • Passes the token to the Sink Server
  • 10. Sink Server
    • Responsible for fanning out the token to one or more Token Sinks, as well as some special handling
    • On failure, will keep re-attempting, with a backoff
  • 11. Token Sinks
    • Responsible for outputting a token somewhere
    • Currently just “file”
    • Eventually: Socket? API request? Etc.
  • 12. Demo
    • Simple test program:
      • Generates a signing key
      • Adds the JWT method to Vault, configures the allowed public keys
      • On each press of Enter, creates and writes a new JWT
    • Agent:
      • Configured for the JWT flow
      • JWT auth method watches for the new file, reads it, deletes it
      • Auths to Vault
      • Keeps tokens renewed / reauths
  • 13. Protecting Tokens
    • Basics
      • Drop onto a ramdisk (preferably encrypted)
      • Use filesystem permissions
    • Agent has a few options for additional protection; see docs
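An added example of the JWT auto-auth flow and the two token-protection levels from the slides above, expressed as a Vault Agent configuration (HCL written for this page, not the deck's demo code); the role name, file paths and the consumer's DH public-key file are assumed placeholders.

```hcl
# Vault Agent configuration for the JWT auto-auth flow described above.
# Added example; the role name and every file path are assumed placeholders.
pid_file = "/run/agent/vault-agent.pid"

auto_auth {
  # Auth Method: watch for a JWT written to a file, read it (the agent deletes
  # the file afterwards) and exchange it for a Vault token at auth/jwt/login.
  method "jwt" {
    mount_path = "auth/jwt"
    config = {
      path = "/run/agent/jwt"   # the test program drops each new JWT here
      role = "demo-role"
    }
  }

  # Token Sink 1: plain file. Protection is the "Basics" from the slide:
  # /run is a tmpfs ramdisk, and filesystem permissions limit who can read it.
  sink "file" {
    config = {
      path = "/run/agent/vault-token"
    }
  }

  # Token Sink 2: the agent's additional protection. The token is
  # response-wrapped with a short TTL and then encrypted to the consumer's
  # Curve25519 public key (read from dh_path), so a copy of the file on disk is
  # useless without the consumer's private key and the optional AAD value.
  sink "file" {
    wrap_ttl    = "5m"
    dh_type     = "curve25519"
    dh_path     = "/run/agent/consumer-dh-pubkey.json"
    aad_env_var = "VAULT_AGENT_AAD"
    config = {
      path = "/run/agent/vault-token.enc"
    }
  }
}
```

Start it with `vault agent -config=agent.hcl` with VAULT_ADDR pointing at the server; both sinks are instances of the "file" Token Sink named on slide 11, fed by the same Sink Server.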
  • 14. Namespaces
    • Vaults within Vault(s) (within Vault(s))
    • Partitions off areas of Vault into nearly fully-separate instances
  • 15. Root
  • 16. Teams + Groups
  • 17. Application/Users
  • 18. Namespaces
    • Shared:
      • Underlying encryption keys
      • Replication*
    • Per-namespace:
      • Mounts / Plugins
      • Policies
      • Tokens
      • Leases
      • Identities
  • 19. Namespaces
    • Control flows down from the root to the leaves
    • Parent namespaces can be given privileges in child namespaces:
      • Direct ACL path-capability grants
      • Identity groups
    • Every request executes in the context of the most specific containing namespace
    • Policies operate at their appropriate namespace, always
  • 20. Namespaces
    • Namespaces get special versions of special mounts:
      • Cubbyhole, Sys, Identity
  • 21. Namespaces
    • Demo time!
  • 22. ACL Policy Path Templating
    • Allows templating Identity values into ACL policy paths
    • Easiest to show in a demo…
  • 23. ACL Policy Path Templating
    • Demo time!
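An added example of the templating the last two slides demonstrate live (an HCL policy written for this page, not the deck's demo); the KV v2 mount at secret/ and the "engineers" group name are assumptions.

```hcl
# One policy that gives every entity its own private KV v2 subtree, instead of
# one hand-written policy per user. The {{...}} parameters are filled in from
# the caller's Identity when the request is evaluated, so this policy never
# grants a token access to another entity's subtree.
# Added example; the secret/ mount and the "engineers" group are assumptions.
path "secret/data/users/{{identity.entity.name}}/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# KV v2 keeps metadata on a separate path; read/list only here keeps the
# templated grant as narrow as the data path above needs.
path "secret/metadata/users/{{identity.entity.name}}/*" {
  capabilities = ["read", "list"]
}

# A team-shared subtree keyed by the ID of the "engineers" group. The
# parameter is resolved from the caller's group membership, so the same
# policy text serves every team without naming group IDs in the policy.
path "secret/data/teams/{{identity.groups.names.engineers.id}}/*" {
  capabilities = ["read", "list"]
}
```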

Editor's Notes

  1. people tend to think of the problem in this way. address one at a time.
  2. people tend to think of the problem in this way. address one at a time.
  3. people tend to think of the problem in this way. address one at a time.