HashiCorp Vault: A Tool for Securely Storing and Accessing Secrets
Adam Mead
amead@avioconsulting.com
May 6, 2020
Agenda
1. What is HashiCorp Vault?
2. Vault Use Cases
3. Vault Connector and Vault Properties Provider
4. Best Practices
5. Audit Logs
6. Vault Enterprise
7. Demo
AVIOCONSULTING.COM 2
What is HashiCorp Vault?
A tool for securely storing and accessing secrets
• Provides:
  • Centralized secret storage
  • Encryption of secrets at rest and in transit
  • Audit trail of access to secrets
  • Fine-grained access controls
  • Encryption as a service
  • Identity-based authentication
Vault Use Cases
Secrets Management
● Multiple Secrets Engines are available
● Dynamic Secrets - Cloud Providers, DB, etc.
  ● Ephemeral
  ● Unique
Data Encryption
• Data is sent to Vault for encryption/decryption
• Encryption keys can be rotated
Vault Connector and Vault Properties Provider
Connections
• Allow applications to connect to Vault, authenticating via:
  • Token
  • TLS Certificate
  • AWS Identity Document
  • AWS Instance Metadata
  • AWS IAM
Accessing Secrets
• Vault Connector
  • Read Secrets
  • Write Secrets
  • Encryption as a Service
• Vault Properties Provider
  • Read Secrets
  • Properties are read from Vault when the application starts
Best Practices
• Deploy clustered, using the Consul backend
• Use Auto-unseal if allowed
• Vault Reference Architecture
  https://learn.hashicorp.com/vault/operations/ops-reference-architecture
• Production Hardening Guide
  https://learn.hashicorp.com/vault/operations/production-hardening
Audit Logs
• Logging Options
  • File
  • Syslog
  • Socket (TCP, UDP, UNIX)
• Logging Operation
  • Logs guaranteed to be written before response is sent
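As an added example (not part of the slide deck or AVIO's own tooling), a small Python triage over entries from a Vault file audit device: because Vault writes the audit entry before it answers, the response entry is the authoritative record of each request, so the script works from those and flags root-policy use, create/update/delete on control-plane paths under sys/ (audit devices, policies, auth methods, seal), and repeated permission-denied responses from one source address. The audit lines are constructed for this example in the JSON-lines shape of the file device, with tokens and secret values in the HMAC-ed form Vault writes; the path list and threshold are assumptions to tune for your environment.

```python
"""Triage entries from a Vault file audit device (one JSON object per line).

Flags what a defender usually wants first: root-policy use, writes or deletes
under sys/ control-plane paths, and repeated permission-denied responses
from a single source address.
"""
import json
from collections import Counter

# Constructed sample entries, not real Vault output. Shape follows the file
# device: "request" and "response" entries share a request id; tokens and
# secret values appear only in the HMAC-ed form Vault writes.
SAMPLE_AUDIT_LOG = r"""
{"time":"2020-05-06T14:00:01Z","type":"request","auth":{"display_name":"approle","policies":["app-read"],"token_type":"service"},"request":{"id":"r1","operation":"read","path":"secret/data/app/db","remote_address":"10.0.0.5"},"error":""}
{"time":"2020-05-06T14:00:01Z","type":"response","auth":{"display_name":"approle","policies":["app-read"],"token_type":"service"},"request":{"id":"r1","operation":"read","path":"secret/data/app/db","remote_address":"10.0.0.5"},"response":{"data":{"data":{"password":"hmac-sha256:3f1a"}}},"error":""}
{"time":"2020-05-06T14:00:02Z","type":"response","auth":{"display_name":"approle","policies":["app-read"],"token_type":"service"},"request":{"id":"r2","operation":"read","path":"secret/data/payments/key","remote_address":"10.0.0.5"},"error":"1 error occurred:\n\t* permission denied\n\n"}
{"time":"2020-05-06T14:00:03Z","type":"response","auth":{"display_name":"approle","policies":["app-read"],"token_type":"service"},"request":{"id":"r3","operation":"read","path":"secret/data/payments/cert","remote_address":"10.0.0.5"},"error":"1 error occurred:\n\t* permission denied\n\n"}
{"time":"2020-05-06T14:00:04Z","type":"response","auth":{"display_name":"root","policies":["root"],"token_type":"service"},"request":{"id":"r4","operation":"delete","path":"sys/audit/file","remote_address":"192.0.2.10"},"error":""}
not json at all
""".lstrip("\n")

# Assumed list of control-plane paths where create/update/delete deserves review.
SENSITIVE_PATH_PREFIXES = (
    "sys/audit", "sys/policies", "sys/policy", "sys/auth", "sys/seal",
    "sys/rotate", "sys/raw", "sys/mounts",
)
WRITE_OPERATIONS = {"create", "update", "delete"}
DENIED_THRESHOLD = 2  # assumed: denied responses from one source before flagging


def parse_entries(text):
    """Return (entries, unparsed_line_numbers) for JSON-lines audit text."""
    entries, unparsed = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError:
            unparsed.append(line_no)  # a gap in the audit trail is itself notable
    return entries, unparsed


def _finding(rule, entry, detail):
    req = entry.get("request") or {}
    auth = entry.get("auth") or {}
    return {
        "rule": rule,
        "time": entry.get("time"),
        "who": auth.get("display_name", "?"),
        "source": req.get("remote_address", "?"),
        "path": req.get("path", ""),
        "detail": detail,
    }


def triage(text):
    """Scan audit text and return findings plus parse statistics."""
    entries, unparsed = parse_entries(text)
    findings = []
    denied = Counter()      # source address -> permission-denied count
    denied_example = {}     # source address -> last denied entry
    for entry in entries:
        # Each call yields a request entry and a response entry with the same
        # request id; only the response entry carries the outcome.
        if entry.get("type") != "response":
            continue
        req = entry.get("request") or {}
        policies = (entry.get("auth") or {}).get("policies") or []
        op, path = req.get("operation"), req.get("path", "")
        if "root" in policies:
            findings.append(_finding("root-policy-use", entry, f"{op} on {path}"))
        if op in WRITE_OPERATIONS and path.startswith(SENSITIVE_PATH_PREFIXES):
            findings.append(_finding("control-plane-change", entry, f"{op} on {path}"))
        if "permission denied" in (entry.get("error") or ""):
            src = req.get("remote_address", "?")
            denied[src] += 1
            denied_example[src] = entry
    for src, count in denied.items():
        if count >= DENIED_THRESHOLD:
            findings.append(_finding("repeated-permission-denied", denied_example[src],
                                     f"{count} denied requests from {src}"))
    return {"entries": len(entries), "unparsed_lines": unparsed, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_AUDIT_LOG)
    print(f"{report['entries']} entries, unparsed lines: {report['unparsed_lines']}")
    for f in report["findings"]:
        print(f"[{f['rule']}] {f['time']} {f['who']}@{f['source']} {f['detail']}")
```

Point it at a real file device log by replacing SAMPLE_AUDIT_LOG with the file contents; syslog and socket devices carry the same JSON objects, so the same logic applies once the transport framing is stripped.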
Vault Enterprise
Enterprise Platform
● Disaster Recovery
● Namespaces
Vault Enterprise Replication
Multi-Datacenter and Scale
● Performance Replication
● Replication Filters
● Read Replicas
● Path Filters
Governance and Policy
● Control Groups
● HSM Support
● Multi-Factor Authentication
● Sentinel Integration
● FIPS 140-2
● Entropy Augmentation
Advanced Data Protection
● KMIP
● Transform
Transform Secrets Engine (Vault 1.4)
• Format Preserving Encryption
  • Two-way (FF3-1)
  • Encrypt credit card numbers, Social Security numbers, and others while preserving the format
  • e.g. 1234-1432-1342-2431 → 6423-3456-1234-7786
• Data Masking
  • One-way
  • e.g. 523-34-7512 → ###-##-7512
New Features in Vault 1.4
• Integrated Storage
• Vault Helm Chart
• OpenLDAP Secrets Engine
• Kerberos Auth Method
• NetApp Enterprise Key Management Support (Enterprise)
• Improved Disaster Recovery (DR) Workflow (Enterprise)
Demo
Questions?
Want to see more?
Webinar: HashiCorp Vault Replication and Disaster Recovery
May 12, 2020 01:00 PM CDT
Saul Jaramillo - AVIO Consulting
More Related Content

What's hot

What's new in NGINX Plus R19
What's new in NGINX Plus R19What's new in NGINX Plus R19
What's new in NGINX Plus R19NGINX, Inc.
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projectsOwaspCzech
 
Kubecon 2019_eu-k8s-secrets-csi
Kubecon 2019_eu-k8s-secrets-csiKubecon 2019_eu-k8s-secrets-csi
Kubecon 2019_eu-k8s-secrets-csiRita Zhang
 
Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Cheah Eng Soon
 
Containerized Storage for Containers: Why, What and How OpenEBS Works
Containerized Storage for Containers:  Why, What and How OpenEBS WorksContainerized Storage for Containers:  Why, What and How OpenEBS Works
Containerized Storage for Containers: Why, What and How OpenEBS WorksMatt Baldwin
 
OSMC 2018 | Current State of Icinga by Bernd Erk
OSMC 2018 | Current State of Icinga by Bernd ErkOSMC 2018 | Current State of Icinga by Bernd Erk
OSMC 2018 | Current State of Icinga by Bernd ErkNETWAYS
 
3 Ways to Automate App Deployments with NGINX
3 Ways to Automate App Deployments with NGINX3 Ways to Automate App Deployments with NGINX
3 Ways to Automate App Deployments with NGINXNGINX, Inc.
 
Apache CloudStack Integration with HashiCorp Vault
Apache CloudStack Integration with HashiCorp VaultApache CloudStack Integration with HashiCorp Vault
Apache CloudStack Integration with HashiCorp VaultCloudOps2005
 
Améliorer OpenStack avec les technologies Intel
Améliorer OpenStack avec les technologies IntelAméliorer OpenStack avec les technologies Intel
Améliorer OpenStack avec les technologies IntelOdinot Stanislas
 
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityFernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityEdgeUno
 
Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...
Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...
Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...Tanya Denisyuk
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternNGINX, Inc.
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudVelocidex Enterprises
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceNGINX, Inc.
 
SFScon18 - Gerhard Sulzberger - Jason Tevnan - gitops with gitlab + terraform
SFScon18 - Gerhard Sulzberger - Jason Tevnan  - gitops with gitlab + terraformSFScon18 - Gerhard Sulzberger - Jason Tevnan  - gitops with gitlab + terraform
SFScon18 - Gerhard Sulzberger - Jason Tevnan - gitops with gitlab + terraformSouth Tyrol Free Software Conference
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)NGINX, Inc.
 

What's hot (20)

What's new in NGINX Plus R19
What's new in NGINX Plus R19What's new in NGINX Plus R19
What's new in NGINX Plus R19
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projects
 
Kubecon 2019_eu-k8s-secrets-csi
Kubecon 2019_eu-k8s-secrets-csiKubecon 2019_eu-k8s-secrets-csi
Kubecon 2019_eu-k8s-secrets-csi
 
Encode
EncodeEncode
Encode
 
Application Security - 28 Nov 2018
Application Security - 28 Nov 2018Application Security - 28 Nov 2018
Application Security - 28 Nov 2018
 
Containerized Storage for Containers: Why, What and How OpenEBS Works
Containerized Storage for Containers:  Why, What and How OpenEBS WorksContainerized Storage for Containers:  Why, What and How OpenEBS Works
Containerized Storage for Containers: Why, What and How OpenEBS Works
 
OSMC 2018 | Current State of Icinga by Bernd Erk
OSMC 2018 | Current State of Icinga by Bernd ErkOSMC 2018 | Current State of Icinga by Bernd Erk
OSMC 2018 | Current State of Icinga by Bernd Erk
 
3 Ways to Automate App Deployments with NGINX
3 Ways to Automate App Deployments with NGINX3 Ways to Automate App Deployments with NGINX
3 Ways to Automate App Deployments with NGINX
 
Velociraptor - SANS Summit 2019
Velociraptor - SANS Summit 2019Velociraptor - SANS Summit 2019
Velociraptor - SANS Summit 2019
 
Apache CloudStack Integration with HashiCorp Vault
Apache CloudStack Integration with HashiCorp VaultApache CloudStack Integration with HashiCorp Vault
Apache CloudStack Integration with HashiCorp Vault
 
Améliorer OpenStack avec les technologies Intel
Améliorer OpenStack avec les technologies IntelAméliorer OpenStack avec les technologies Intel
Améliorer OpenStack avec les technologies Intel
 
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 SecurityFernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
Fernando Gont - The Hack Summit 2021 - State of the Art in IPv6 Security
 
Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...
Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...
Сергей Сверчков "Want to build a secure private cloud for IoT with high avail...
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The Cloud
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
 
SFScon18 - Gerhard Sulzberger - Jason Tevnan - gitops with gitlab + terraform
SFScon18 - Gerhard Sulzberger - Jason Tevnan  - gitops with gitlab + terraformSFScon18 - Gerhard Sulzberger - Jason Tevnan  - gitops with gitlab + terraform
SFScon18 - Gerhard Sulzberger - Jason Tevnan - gitops with gitlab + terraform
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
 

Similar to HashiCorp Vault: A Tool for Securely Storing and Accessing Secrets

Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesAn Nguyen
 
Production Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerProduction Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerDocker, Inc.
 
Architecting for Microservices Part 2
Architecting for Microservices Part 2Architecting for Microservices Part 2
Architecting for Microservices Part 2Elana Krasner
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and BeyondBlack Duck by Synopsys
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultAWS Germany
 
Open Policy Agent for governance as a code
Open Policy Agent for governance as a code Open Policy Agent for governance as a code
Open Policy Agent for governance as a code Alexander Tokarev
 
Amplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal it
Amplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal itAmplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal it
Amplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal itAmplexor
 
01282016 Aerospike-Docker webinar
01282016 Aerospike-Docker webinar01282016 Aerospike-Docker webinar
01282016 Aerospike-Docker webinarAerospike, Inc.
 
12 Factor App Methodology
12 Factor App Methodology12 Factor App Methodology
12 Factor App Methodologylaeshin park
 
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...Lucas Jellema
 
Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)
Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)
Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)VMware Tanzu
 
Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...
Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...
Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...Amazon Web Services
 
Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...
Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...
Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...Jack-Junjie Cai
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...NETWAYS
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetricconfluent
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessToni de la Fuente
 
Migrating Java EE applications to IBM Bluemix Platform-as-a-Service
Migrating Java EE applications to IBM Bluemix Platform-as-a-ServiceMigrating Java EE applications to IBM Bluemix Platform-as-a-Service
Migrating Java EE applications to IBM Bluemix Platform-as-a-ServiceDavid Currie
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?Nathan Van Gheem
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxlior mazor
 

Similar to HashiCorp Vault: A Tool for Securely Storing and Accessing Secrets (20)

Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Production Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerProduction Ready Containers from IBM and Docker
Production Ready Containers from IBM and Docker
 
Architecting for Microservices Part 2
Architecting for Microservices Part 2Architecting for Microservices Part 2
Architecting for Microservices Part 2
 
5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond5 Ways to Secure Your Containers for Docker and Beyond
5 Ways to Secure Your Containers for Docker and Beyond
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 
Open Policy Agent for governance as a code
Open Policy Agent for governance as a code Open Policy Agent for governance as a code
Open Policy Agent for governance as a code
 
Amplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal it
Amplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal itAmplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal it
Amplexor Drupal for the Enterprise seminar - Acquia: dream it, Drupal it
 
01282016 Aerospike-Docker webinar
01282016 Aerospike-Docker webinar01282016 Aerospike-Docker webinar
01282016 Aerospike-Docker webinar
 
12 Factor App Methodology
12 Factor App Methodology12 Factor App Methodology
12 Factor App Methodology
 
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
 
Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)
Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)
Cloud Foundry Summit 2015: Building a Robust Cloud Foundry (HA, Security and DR)
 
Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...
Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...
Drinking our own Champagne: How Woot, an Amazon subsidiary, uses AWS (ARC212)...
 
Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...
Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...
Migrating Java EE applications to IBM Bluemix platform as-a-service (CloudFou...
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
 
Migrating Java EE applications to IBM Bluemix Platform-as-a-Service
Migrating Java EE applications to IBM Bluemix Platform-as-a-ServiceMigrating Java EE applications to IBM Bluemix Platform-as-a-Service
Migrating Java EE applications to IBM Bluemix Platform-as-a-Service
 
Vault
VaultVault
Vault
 
Do you lose sleep at night?
Do you lose sleep at night?Do you lose sleep at night?
Do you lose sleep at night?
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 

Recently uploaded

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Boost PC performance: How more available memory can improve productivity

HashiCorp Vault: A Tool for Securely Storing and Accessing Secrets

  • 2. Agenda
    1. What is HashiCorp Vault?
    2. Vault Use Cases
    3. Vault Connector and Vault Properties Provider
    4. Best Practices
    5. Audit Logs
    6. Vault Enterprise
    7. Demo
    AVIOCONSULTING.COM 2
  • 3. Agenda (section divider; same agenda as slide 2)
  • 4. What is HashiCorp Vault?
    A tool for securely storing and accessing secrets. Provides:
    • Centralized secret storage
    • Encryption of secrets at rest and in transit
    • Audit trail of access to secrets
    • Fine-grained access controls
    • Encryption as a service
    • Identity-based authentication
  • 5. Agenda (section divider; same agenda as slide 2)
  • 6. Vault Use Cases: Secrets Management
    • Multiple secrets engines are available
    • Dynamic secrets (cloud providers, databases, etc.) that are:
      • Ephemeral
      • Unique
  • 7. Vault Use Cases: Data Encryption
    • Data is sent to Vault for encryption/decryption
    • Encryption keys can be rotated
  • 8. Agenda (section divider; same agenda as slide 2)
  • 9. Vault Connector and Vault Properties Provider: Connections
    Allow applications to connect to Vault, authenticating via:
    • Token
    • TLS certificate
    • AWS identity document
    • AWS instance metadata
    • AWS IAM
  • 10. Vault Connector and Vault Properties Provider: Accessing Secrets
    • Vault Connector
      • Read secrets
      • Write secrets
      • Encryption as a service
    • Vault Properties Provider
      • Read secrets
      • Properties are read from Vault when the application starts
  • 11. Agenda (section divider; same agenda as slide 2)
  • 12. Best Practices
    • Deploy clustered, using the Consul backend
  • 13. Best Practices
    • Use auto-unseal if allowed
  • 14. Best Practices
    • Vault Reference Architecture: https://learn.hashicorp.com/vault/operations/ops-reference-architecture
    • Production Hardening Guide: https://learn.hashicorp.com/vault/operations/production-hardening
  • 15. Agenda (section divider; same agenda as slide 2)
  • 18. Audit Logs
    • Logging options
      • File
      • Syslog
      • Socket (TCP, UDP, UNIX)
    • Logging operation
      • Logs are guaranteed to be written before the response is sent
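A defender's first use of the audit device output above is to read it back. The block below is an added example, not code from the slides or from AVIO Consulting: it parses JSON lines in the shape Vault's file audit device writes (one `request` entry and one `response` entry per call, with `client_token` and secret values replaced by `hmac-sha256:` digests), confirms no token reached the log in plaintext, lists refused requests, and counts successful reads per path and identity. The log lines are constructed for the example, and the field layout is assumed from the documented audit format rather than taken from the deck.

```python
"""Triage of HashiCorp Vault file-audit-device output (added example)."""
import json
from collections import Counter

# Constructed sample, not captured from a real server:
#   req-1: permitted read of a KV secret (request + response entries)
#   req-2: response carrying a "permission denied" error
#   req-3: a token that was NOT hashed, which a healthy audit log must never show
SAMPLE_AUDIT_LOG = r"""
{"time":"2020-05-06T15:01:02.123Z","type":"request","auth":{"client_token":"hmac-sha256:aaaa","accessor":"hmac-sha256:bbbb","display_name":"approle","policies":["default","mule-app"]},"request":{"id":"req-1","operation":"read","path":"secret/data/mule/db","remote_address":"10.0.1.15"}}
{"time":"2020-05-06T15:01:02.130Z","type":"response","auth":{"client_token":"hmac-sha256:aaaa","accessor":"hmac-sha256:bbbb","display_name":"approle","policies":["default","mule-app"]},"request":{"id":"req-1","operation":"read","path":"secret/data/mule/db","remote_address":"10.0.1.15"},"response":{"data":{"data":{"password":"hmac-sha256:cccc"}}}}
{"time":"2020-05-06T15:02:10.000Z","type":"response","auth":{"client_token":"hmac-sha256:dddd","accessor":"hmac-sha256:eeee","display_name":"token","policies":["default"]},"request":{"id":"req-2","operation":"read","path":"secret/data/prod/api-key","remote_address":"10.0.9.77"},"error":"1 error occurred:\n\t* permission denied\n\n"}
{"time":"2020-05-06T15:03:00.000Z","type":"request","auth":{"client_token":"s.PLACEHOLDERPLAINTEXT","accessor":"hmac-sha256:ffff","display_name":"token","policies":["root"]},"request":{"id":"req-3","operation":"update","path":"sys/audit/file","remote_address":"10.0.0.5"}}
"""


def parse_audit_log(text):
    """Yield one dict per non-empty JSON line; malformed lines are kept, tagged
    as such, because a gap in an audit trail is itself worth reporting."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError as exc:
            yield {"type": "malformed", "line_no": line_no, "error": str(exc)}


def unhashed_token_entries(entries):
    """Request ids whose auth.client_token is not an HMAC digest. Vault hashes
    tokens by default; a plaintext token means the device was configured
    to log raw values and the log file now needs secret-grade handling."""
    bad = []
    for entry in entries:
        token = entry.get("auth", {}).get("client_token", "")
        if token and not token.startswith("hmac-sha256:"):
            bad.append(entry["request"]["id"])
    return bad


def denied_requests(entries):
    """(path, remote_address) for every response Vault refused."""
    return [
        (entry["request"]["path"], entry["request"]["remote_address"])
        for entry in entries
        if entry.get("type") == "response"
        and "permission denied" in entry.get("error", "")
    ]


def reads_by_path(entries):
    """Count error-free response entries per (path, identity display name).
    Only responses are counted so each call is counted once, not twice."""
    counts = Counter()
    for entry in entries:
        if entry.get("type") != "response" or entry.get("error"):
            continue
        counts[(entry["request"]["path"], entry["auth"]["display_name"])] += 1
    return counts


def triage(text):
    """Run every check over one audit log and return a summary dict."""
    entries = list(parse_audit_log(text))
    return {
        "entries": len(entries),
        "malformed": [e["line_no"] for e in entries if e.get("type") == "malformed"],
        "denied": denied_requests(entries),
        "plaintext_tokens": unhashed_token_entries(entries),
        "reads": reads_by_path(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_AUDIT_LOG).items():
        print(f"{key}: {value}")
```

Because the slide notes that Vault writes the audit entry before it returns the response, the `request` entry for a call can be present while its `response` entry is missing only if Vault itself failed mid-call; pairing entries by `request.id`, as `reads_by_path` implicitly does by counting responses only, is the reliable way to count completed operations.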
  • 19. Agenda (section divider; same agenda as slide 2)
  • 20. Vault Enterprise
    • Enterprise Platform
      • Disaster Recovery
      • Namespaces
    • Multi-Datacenter and Scale
      • Performance Replication
      • Replication Filters
      • Read Replicas
      • Path Filters
    • Governance and Policy
      • Control Groups
      • HSM Support
      • Multi-Factor Authentication
      • Sentinel Integration
      • FIPS 140-2
      • Entropy Augmentation
    • Advanced Data Protection
      • KMIP
      • Transform
  • 22. Transform Secrets Engine (Vault 1.4)
    • Format Preserving Encryption
      • Two-way (FF3-1)
      • Encrypt credit card numbers, Social Security numbers, and others while preserving the format
      • e.g. 1234-1432-1342-2431 → 6423-3456-1234-7786
    • Data Masking
      • One-way
      • e.g. 523-34-7512 → ###-##-7512
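The two transformations on this slide differ in reversibility, not in shape: both outputs keep the input's layout, but only the FPE ciphertext can be turned back into the original. The block below is an added example, not Vault's code: it implements the one-way masking template the slide shows (keep the last four digits, keep separators) and a checker that a downstream system can use to confirm a value returned by an FPE service kept the original format. FF3-1 itself is not implemented here; the ciphertext is assumed to come from Vault's transform engine and is only validated. The sample values are the ones on the slide.

```python
"""Masking and format-preservation checks for the Transform slide (added example)."""


def mask(value, keep_last=4, mask_char="#"):
    """One-way masking: replace every digit except the last `keep_last`
    with `mask_char`, leaving separators (dashes, spaces) where they are."""
    digit_positions = [i for i, ch in enumerate(value) if ch.isdigit()]
    hidden = set(digit_positions[:-keep_last]) if keep_last else set(digit_positions)
    return "".join(mask_char if i in hidden else ch for i, ch in enumerate(value))


def template_of(value):
    """Shape of a value: 'd' for each digit, the literal character otherwise,
    so '523-34-7512' and '###-##-7512' yield 'ddd-dd-dddd' and '###-##-dddd'."""
    return "".join("d" if ch.isdigit() else ch for ch in value)


def preserves_format(plaintext, ciphertext):
    """True when an FPE output has the same template as its input and is not
    simply the input echoed back (a misconfigured role returning plaintext)."""
    return template_of(plaintext) == template_of(ciphertext) and plaintext != ciphertext


def is_reversible_candidate(output):
    """Masked output contains the mask character and therefore cannot be
    decoded; an FPE output contains only the original alphabet."""
    return "#" not in output


if __name__ == "__main__":
    # Slide's masking example (constructed SSN-shaped value)
    print(mask("523-34-7512"))                                   # ###-##-7512
    # Slide's FPE example (constructed card-shaped values)
    print(preserves_format("1234-1432-1342-2431", "6423-3456-1234-7786"))  # True
```

Note that the format check is necessary but not sufficient: a card-shaped FPE output will usually fail a Luhn check, so validators downstream of the transform engine must be told which fields hold ciphertext rather than real numbers.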
  • 23. New Features in Vault 1.4
    • Integrated Storage
    • Vault Helm Chart
    • OpenLDAP Secrets Engine
    • Kerberos Auth Method
    • NetApp Enterprise Key Management Support (Enterprise)
    • Improved Disaster Recovery (DR) Workflow (Enterprise)
  • 24. Agenda (section divider; same agenda as slide 2)
  • 25. DEMO
  • 27. Want to see more?
    Webinar: HashiCorp Vault Replication and Disaster Recovery
    May 12, 2020, 01:00 PM CDT
    Saul Jaramillo, AVIO Consulting