The document discusses HashiCorp Vault, which is a tool for securely managing secrets and sensitive data. It provides secure credential management and features like dynamic secrets, data encryption, leasing and key rotation, revocation, and audit controls. It integrates with databases, tools, and other systems. The presentation covers common challenges Vault aims to address, use cases, features, and includes a demo.

1. CREDENTIAL STORECREDENTIAL STORE

2. MAYANK PATELMAYANK PATEL
APPLICATION ARCHITECT @APPLICATION ARCHITECT @
/ /
OILDEXOILDEX
Linkedin @maxy_ermayank Medium

3. SOFTWARE AS A SERVICE PROVIDER FOR OIL ANDSOFTWARE AS A SERVICE PROVIDER FOR OIL AND
GAS COMPANIESGAS COMPANIES
7.5 Years
OILDEXOILDEX

4. FOCUSED ONFOCUSED ON
Streaming, Reactive, Non-blocking Architecture
API Design
DevOps
Cloud Native Architecture
Empowering so ware development teams
Digital Transformation and Digital Optimization

5. AGENDAAGENDA
Common Challenges
Vault Use Cases & Features
Demo

6. Common Challenges / Problems we are trying to
solve?

7. Credentials stored & transmitted in Plaintext format

8. Credentials almost never get renewed once it is issued
or manual renewal

9. No PKI Certificate Management

10. API Keys are hand generated and never renewed

11. No SSH Key storage

12. No Audit Control

13. No Kill Switch

14. Lack of automation for secrets deployment

15. MANY MORE...

16. How do we manage credentials in Cloud Native,
Distributed Infrastructure ?

18. VAULT USE CASESVAULT USE CASES

19. Secure Credential Management on a Budget

20. VAULT FEATURESVAULT FEATURES
Secure Secret Storage
Dynamic Secrets (Secret as a Service)
Data Encryption
Leasing and Renewal (Key Rotation)
Revocation
Audit Control
Integration with wide variety of Databases and Tools
Custom Plugin

21. SECURE SECRET STORAGESECURE SECRET STORAGE
Basic Credentials
Tokens, TOTP
PKI Certificate Management (It’s easy to be your own
certificate authority)
LDAP
SSH Keys
Handle SSH logins across the org.
One time SSH access
It increases the usefulness of audit logs during
incident response
...

22. DYNAMIC SECRETSDYNAMIC SECRETS
AWS Cassandra Consul Hana
MariaDB MongoDB MSSQL MySQL
Oracle PKI Certificates PostgreSQL
RabbitMQ SSH Transit Custom..

23. WHY DYNAMIC SECRETS?WHY DYNAMIC SECRETS?
Dynamic passwords provide a bunch of benefits

24. No need to write down, store, or share passwords

25. Enables very short lived passwords, less exposure if
compromised

26. For distributed applications, every instance gets
unique credentials

27. Constantly changing and expiring
usernames/passwords are much harder to brute force

28. Automatic password rotation/expiration

29. Better audit trail

30. HTTP API/CLI

31. Integration
consul-template
Envconsul
Native Client Libraries
Integration with Ansible, Chef, Puppet, Salt, etc.
HashiCorp Vault Jenkins plugin

33. RESOURCESRESOURCES
Vault-Consul Docker Swarm Cluster
Denver HashiCorp User Group Talk - Credential
Store using Vault
awesome-vault-tools
Vault Demo Console

34. THANK YOU!THANK YOU!
QUESTIONS?QUESTIONS?
You can contact me at:
/ /Linkedin @maxy_ermayank Medium