© 2018 HashiCorp
Vault
Cloud Security Automation
About HashiCorp
Leading Cloud Infrastructure Automation
Founded: 2012
Employees: 700
Funding: 174M
Our software stack enables the provisioning, securing, connecting
and running of apps and the infrastructure to support them.
We unlock the cloud operating model for every business and
enable their digital transformation strategies to succeed.
The Transition to
Multi-Cloud
The Transition to Cloud and Multi-Cloud
Traditional Datacenter (“Static”): Dedicated Infrastructure; “Tickets-based”; SYSTEMS OF RECORD
Modern Datacenter (“Dynamic”): Private Cloud + AWS + Azure + GCP + ...; “Self service”; SYSTEMS OF ENGAGEMENT
Digital experiences are now the primary
interface between a customer and a
business, or business and business.
Experiences are typically device- and
cloud-first: rich, personal interface, with large
scale data processing and intelligence.
Cloud adoption is a secular trend
This pattern demands a change in the
model for software delivery to meet delivery
goals and transformation objectives.
Digital transformation means pressure on application delivery
Accelerating Application Delivery
Facets of delivering applications
in a multi cloud world
Volume and distribution of services
Ephemerality and immutability
Multiple target environments
Reimagining the Stack
Reimagining the stack
The implications of the Cloud Operating Model
Run (Development): STATIC: Dedicated Infrastructure | DYNAMIC: Scheduled across the fleet
Connect (Networking): STATIC: Host-based, Static IP | DYNAMIC: Service-based, Dynamic IP
Secure (Security): STATIC: High trust, IP-based | DYNAMIC: Low trust, Identity-based
Provision (Operations): STATIC: Dedicated servers, Homogeneous | DYNAMIC: Capacity on-demand, Heterogeneous
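The Cloud Landscape
In search of a common model across multi-cloud environments
DEDICATED: Run (Development): vSphere | Connect (Networking): Hardware | Secure (Security): IP: Hardware | Provision (Operations): vCenter
PRIVATE CLOUD: Run (Development): vSphere | Connect (Networking): Various Hardware | Secure (Security): Identity: AD/LDAP | Provision (Operations): Terraform
AWS: Run (Development): EKS / ECS, Lambda | Connect (Networking): CloudApp/AppMesh | Secure (Security): Identity: AWS IAM | Provision (Operations): CloudFormation
AZURE: Run (Development): AKS / ACS, Azure Functions | Connect (Networking): Proprietary | Secure (Security): Identity: Azure AD | Provision (Operations): Resource Manager
GCP: Run (Development): GKE, Cloud Functions | Connect (Networking): Proprietary | Secure (Security): Identity: GCP IAM | Provision (Operations): Cloud Deployment Manager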
The HashiCorp Stack
A control plane for every layer of the cloud operating model
Run
Development
Connect
Networking
Secure
Security
Provision
Operations
PRIVATE
CLOUD
AWS AZURE GCP
Private Cloud
Cloud Provisioning with Terraform
A common Cloud Operating Model
AWS Azure GCP
Provision
Operations
Secure
Security
Connect
Networking
Run
Development
Cloud Provisioning with Terraform
A common Cloud Operating Model
Core + Provider Model
● Expose the unique services of each infrastructure
platform, but provide a consistent workflow
● 200+ Providers exist for any infrastructure or
application element
i. Enabled by the open source model of 1200+
contributors
Cloud Provisioning with Terraform
A common Cloud Operating Model
A single Terraform template contains the
entire infrastructure topology
● Platform services AND the configuration of
any dependencies
i. eg. 4 AWS services plus k8s
Cloud Provisioning with Terraform
A common Cloud Operating Model
Self Service Provisioning
Templates can be made available to
any development team for
self-provisioning
Multi-Cloud Provisioning &
Compliance
Operations teams can enforce security
& policy at provisioning time with
Terraform Enterprise
Cloud Provisioning with Terraform
A common Cloud Operating Model
Codified policies enforce security, compliance, and
operational best practices across all cloud provisioning
Before
Developer or
CI / CD System
TF CLI
TF Template
After
Developer or
CI / CD System
TF CLI
TF Template
TFE
■ Policy
■ Governance
Terraform
Provides the foundation for cloud infrastructure automation using infrastructure
as code for provisioning and compliance in the cloud operating model
Multi-Cloud Compliance & Management to
provision and manage any infrastructure with one
workflow
Self-Service infrastructure for users to easily
provision infrastructure on-demand with a library of
approved infrastructure modules
300+
Customers
100K+
Weekly D/Ls
200
Providers
Trusted by:
Private Cloud
Cloud Security with Vault
A common Cloud Operating Model
AWS Azure GCP
Provision
Operations
Secure
Security
Connect
Networking
Run
Development
Vault
Provides the foundation for cloud security that leverages trusted sources of identity to keep
secrets and application data secure in the cloud operating model
Secrets management to centrally store and
protect secrets across clouds and applications
Data encryption to keep application data secure
across environments and workloads
Advanced Data Protection to secure workloads
and data across traditional systems, clouds, and
infrastructure.
300+
Enterprise
Customers
1M+
Monthly D/Ls
2T+
Transactions
Trusted by:
Private Cloud
Cloud Networking with Consul
A common Cloud Operating Model
AWS Azure GCP
Provision
Operations
Secure
Security
Connect
Networking
Run
Development
Traditional Networking
A common Cloud Operating Model
A. Provision load-balancers to create static IP
B. Artifact deployed
C. Firewall rule updated to allow traffic
Average time to traffic ~ 6 weeks
Load balancer sprawl ($$!) but also as single
point of failure for each service
Networking with Consul
A common Cloud Operating Model
● Service Registry enables Routing
○ From IP-Address to Name
○ Services register and discover each
other. Consul server maintains the map
of service location
○ Consul enables routing directly to
services
Networking with Consul
A common Cloud Operating Model
● Service Registry enables Routing
● Service Segmentation for Security
○ Consul Connect enables
service-to-service communication
○ Foundation of zero-trust model
■ “Service Mesh”
A common service registry across heterogeneous environments is the basis
for multi-cloud service networking
Consul
Provides the foundation for cloud network automation as a central service
registry for service-based networking in the cloud operating model
50k+
Used at scale with
50k+ agents
1M+
Monthly D/Ls
Service registry & health monitoring to provide a
real-time directory of all services with their health status
Network middleware automation with service
discovery for dynamic reconfiguration as services scale
up, down or move
Zero trust network with service mesh to enable
identity-based security enforced at the endpoints via
sidecar proxies
Trusted by:
Private Cloud
Cloud Scheduling with Nomad
A common Cloud Operating Model
AWS Azure GCP
Provision
Operations
Secure
Security
Connect
Networking
Run
Development
Principle: Application Orchestration
Vault enables applications and operators to leverage trusted identities and use Vault to broker
access to different clouds, systems, and endpoints.Nomad helps deploy containerized, virtualized or standalone applications on cloud, on-premise
or hybrid infrastructure, with built-in reliability and security
Nomad Use Cases
A common Cloud Operating Model
Flexible Container & Workload
Organization
Deploy and manage any
containerized, legacy, or batch
application.
Multi-Cloud Workload Management
Safely manage workloads across
regions and cloud providers
Efficient Resource Utilization
Increase resource utilization, reduce
fleet sizes, and cut costs.
Nomad
Provides the foundation for cloud application automation by enabling
workload orchestration in the cloud operating model
Container Orchestration for deploying, managing and
scaling containerized applications
Legacy Application Orchestration to containerize,
deploy and manage legacy apps on existing infrastructure
Batch Workload Orchestration to enable ML, AI, data
science and other intensive workloads in high
performance computing (HPC) scenarios
Trusted by:
4.7k+
GitHub Stars
20k+
Monthly D/Ls
A Common Cloud Operating Model to
Accelerate Application Delivery
App
Operations
Security
Networking
Development
App
GOVERNANCE
POLICY
Vault
Cloud Security Automation
Securing a datacenter was easy...
● All unauthorized traffic or access could be
restricted/blocked
● Networks were trusted and apps and databases
can interconnect with ease
● Four walls and trusted network protected secrets
and sensitive information
But what happens when your apps and infrastructure
extend to the multiple datacenters, cloud, or all the
above?
Reimagining the stack
The implications of the Cloud Operating Model
Run
Development
Dedicated
Infrastructure
Scheduled across the fleet
Connect
Networking
Host-based
Dynamic IP
Service-based
Dynamic IP
Secure
Security
High trust
IP-based
Low trust
Identity-based
Provision
Operations
Dedicated servers
Homogeneous
Capacity on-demand
Heterogeneous
STATIC DYNAMIC
Vault Principles: API Driven
Use policy to codify, protect, and automate access to secrets.
# POST the JSON in payload.json to the secret/config path, authenticating with a Vault token
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    https://127.0.0.1:8200/v1/secret/config
Vault Principles: Secure with any Identity
Leverage any trusted identity provider, such as cloud IAM platforms, Kubernetes, Active
Directory, to authenticate into Vault.
Vault Principles: Extend and Integrate
Request secrets for any system through one consistent, audited, and secured workflow.
Guiding Principle:
Identity Brokering
● Authenticate and access different clouds, systems,
and endpoints using trusted identities
● Leverage multiple identities across different
platforms with single policy enforcement
● Integrate trusted identities in the same application
workflow to reduce operational overhead
Vault
Provides the foundation for cloud security that leverages trusted sources of identity to keep
secrets and application data secure in the cloud operating model
Identity of requester
authenticated against any
identity model prior to
granting access
Policies defined by the
Security team and
enforced at runtime.
Use Case: Secrets Management
The Challenge
Secrets for applications and systems need to be centralized, and static IP-based solutions don't
scale in dynamic environments with frequently changing applications and machines.
BEFORE
● Reduced productivity from secret sprawl and configuration complexity
● Increased cost with redundant management and difficulty in adopting new systems
● Increased risk with more complexity, thereby increasing the threat surface and risking
non-compliance with major regulatory laws and requirements
Use Case: Secrets Management
Centrally store, access and distribute dynamic secrets across applications, systems, and
infrastructure.
The Solution
Vault centrally manages and enforces access to secrets and systems based on trusted sources of
application and user identity.
AFTER
● Increase productivity & reduce time to deploy security workflows with centralized management
● Control costs with automated compliance and policy management, controls to support teams to
self-manage their own environments
● Reduce risk with dynamic secrets, control groups, and other tools to allow Vault to conduct
security operations while protecting sensitive information in flight and at rest.
Use Case: Data Encryption
The Challenge
All application data should be encrypted, but deploying cryptography and key management
infrastructure is expensive, hard to develop against, and not cloud or multi-datacenter
friendly.
BEFORE
● Increased costs around HSMs and support
● Reduced productivity with multiple workflows/APIs to learn cryptographic standards across an
organization and different projects and restricted access to HSMs
● Increased risk with multiple attack surfaces to intercept and steal sensitive data
Use Case: Data Protection
Protect sensitive data with centralized key management and simple APIs for data encryption.
The Solution
Vault provides encryption as a service with centralized key management to simplify
encrypting data in transit and at rest across clouds and datacenters.
AFTER
● Reduce costs around expensive HSMs and licensing
● Increase productivity and revenue with a consistent workflow and cryptographic standards
across an organization
● Reduce risk of data exposure by encrypting sensitive data in transit and at rest using
centrally managed and secured encryption keys in Vault, all through a single workflow and API
Vault Architecture
Vault Components
Unsealing Vault
Shamir’s Secret Vault Unsealing
▪ Protect Encryption Key with Master Key
▪ Split Master Key into N shares
▪ K shares to re-compute Master
▪ Quorum of key holders required to unseal
▪ Default K:5, T:3
Diagram labels: Shared keys, Master keys, Encrypted keys
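The split-and-quorum step from the Shamir unsealing slide, as an added example that is not part of the original deck and is not Vault's code. It assumes the slide's default means 5 shares with a threshold of 3; the GF(2^8) field, the share layout and all function names are choices made for this illustration.

```python
"""Shamir secret sharing over GF(2^8), applied byte by byte to a key.

Added illustration only: the field choice, share layout and all names are
assumptions of this example, not taken from the slides or from Vault's code.
"""
import itertools
import secrets

# Log/antilog tables for GF(2^8) (polynomial x^8+x^4+x^3+x+1, generator 3).
EXP = [0] * 510
LOG = [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = _x
    LOG[_x] = _i
    _d = _x << 1                  # _x * 2 ...
    if _d & 0x100:
        _d ^= 0x11B               # ... reduced modulo the field polynomial
    _x ^= _d                      # _x * 3 = (_x * 2) XOR _x
for _i in range(255, 510):
    EXP[_i] = EXP[_i - 255]       # doubled table avoids a modulo in gf_mul


def gf_mul(a: int, b: int) -> int:
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_div(a: int, b: int) -> int:
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    if a == 0:
        return 0
    return EXP[LOG[a] - LOG[b] + 255]


def _eval_poly(coeffs, x: int) -> int:
    """Horner evaluation; coeffs[0] is the constant term (the secret byte)."""
    y = 0
    for c in reversed(coeffs):
        y = gf_mul(y, x) ^ c
    return y


def split(secret: bytes, shares: int, threshold: int) -> dict:
    """Return {x: share_bytes} for x = 1..shares; any `threshold` of them suffice."""
    if not 2 <= threshold <= shares <= 255:
        raise ValueError("need 2 <= threshold <= shares <= 255")
    out = {x: bytearray() for x in range(1, shares + 1)}
    for byte in secret:
        # Fresh random polynomial of degree threshold-1 per byte; f(0) = byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x in out:
            out[x].append(_eval_poly(coeffs, x))
    return {x: bytes(v) for x, v in out.items()}


def combine(parts: dict) -> bytes:
    """Lagrange-interpolate every byte position at x = 0."""
    xs = list(parts)
    if len(xs) < 2 or any(not 1 <= x <= 255 for x in xs):
        raise ValueError("need at least two shares with x in 1..255")
    if len({len(v) for v in parts.values()}) != 1:
        raise ValueError("shares differ in length")
    secret = bytearray(len(parts[xs[0]]))
    for xi in xs:
        # basis_i(0) = product over j != i of xj / (xi - xj); minus is XOR here.
        basis = 1
        for xj in xs:
            if xj != xi:
                basis = gf_mul(basis, gf_div(xj, xi ^ xj))
        for pos, y in enumerate(parts[xi]):
            secret[pos] ^= gf_mul(y, basis)
    return bytes(secret)


def quorum_check(key: bytes, shares: int = 5, threshold: int = 3):
    """Return (all quorum-sized subsets recover key, some smaller subset does)."""
    parts = split(key, shares, threshold)
    enough = all(combine({x: parts[x] for x in subset}) == key
                 for subset in itertools.combinations(parts, threshold))
    too_few = any(combine({x: parts[x] for x in subset}) == key
                  for subset in itertools.combinations(parts, threshold - 1))
    return enough, too_few


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)   # constructed sample key
    print(quorum_check(master_key))
```

Combining fewer shares than the threshold does not raise an error; it returns bytes that are unrelated to the key, which is why the quorum is enforced by the mathematics rather than by an access check.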
Automated Vault Unsealing
▪ Protect Encryption Key with Master Key
▪ HSM encryption key protects master key
▪ Communication with HSM via PKCS11 API to decrypt Master Key
Diagram labels: HSM key, Master keys, Encrypted keys, PKCS11
Cloud Key Service Automated Vault Unsealing
▪ Protect Encryption Key with Master Key
▪ Cloud based encryption key protects master key
▪ Supported cloud services:
  ▪ Google Cloud Key Management Services
  ▪ AWS Key Management Services
  ▪ AliCloud
  ▪ Azure Key Vault
Diagram labels: Cloud based key, Master keys, Encrypted keys
Deploying Vault
Vault Cluster Architecture
Active Standby Standby
Production
DISASTER RECOVERY REPLICATION
Multi-site replication topology
[Diagram labels: Active, Standby, Performance Replication, DR Replication, Active Cluster, Standby Cluster]
About Vault
250+ Enterprise Customers Worldwide
1M+ Monthly Downloads
10.4K+ GitHub Stars
2T+ Transactions
Product Launch: 2014
ORGANIZATIONAL COMPLEXITY
OPEN SOURCE AND ENTERPRISE
Vault
Adoption
Enterprise products
build on open source
to address
organizational
complexity.
Adoption
Open Source Enterprise
Advanced
Scale
Strategic
Secrets, identity,
and policy management
Governance & Policy
Multi-datacenter & Scale
Secrets, identity,
and policy management
Advanced Data Protection
Secrets, identity, and policy management
OPEN SOURCE AND ENTERPRISE
Vault
Packages
Enterprise products
build on open source
to address
organizational
complexity.
ORGANIZATIONAL COMPLEXITY
Secrets, identity,
and policy management
INDIVIDUALS
Open Source Enterprise
Platform
TEAMS
SUPPORT
Secrets, identity,
and policy management
Collaboration & Operations
Enterprise
Modules
ORGANIZATIONS
SUPPORT
Secrets, identity,
and policy management
Collaboration & Operations
Governance
& Multi-datacenter
www.hashicorp.com
hello@hashicorp.com
Thank you

Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot
 
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Kangaroot
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
Kangaroot
 
There is no such thing as “Vanilla Kubernetes”
There is no such thing as “Vanilla Kubernetes”There is no such thing as “Vanilla Kubernetes”
There is no such thing as “Vanilla Kubernetes”
Kangaroot
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
Kangaroot
 
Kangaroot - Bechtle kadercontracten
Kangaroot - Bechtle kadercontractenKangaroot - Bechtle kadercontracten
Kangaroot - Bechtle kadercontracten
Kangaroot
 
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8
Kangaroot
 
Kangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefieldKangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefield
Kangaroot
 
Kubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by KangarootKubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by Kangaroot
Kangaroot
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
Kangaroot
 
10 - MongoDB
10 - MongoDB10 - MongoDB
10 - MongoDB
Kangaroot
 

More from Kangaroot (20)

So you think you know SUSE?
So you think you know SUSE?So you think you know SUSE?
So you think you know SUSE?
 
Live demo: Protect your Data
Live demo: Protect your DataLive demo: Protect your Data
Live demo: Protect your Data
 
RootStack - Devfactory
RootStack - DevfactoryRootStack - Devfactory
RootStack - Devfactory
 
Welcome at OPEN'22
Welcome at OPEN'22Welcome at OPEN'22
Welcome at OPEN'22
 
EDB Postgres in Public Sector
EDB Postgres in Public SectorEDB Postgres in Public Sector
EDB Postgres in Public Sector
 
Deploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native KubernetesDeploying NGINX in Cloud Native Kubernetes
Deploying NGINX in Cloud Native Kubernetes
 
Cloud demystified, what remains after the fog has lifted.
Cloud demystified, what remains after the fog has lifted.  Cloud demystified, what remains after the fog has lifted.
Cloud demystified, what remains after the fog has lifted.
 
Zimbra at Kangaroot / OPEN{virtual}
Zimbra at Kangaroot / OPEN{virtual}Zimbra at Kangaroot / OPEN{virtual}
Zimbra at Kangaroot / OPEN{virtual}
 
NGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headachesNGINX Controller: faster deployments, fewer headaches
NGINX Controller: faster deployments, fewer headaches
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
 
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
Do you want to start with OpenShift but don’t have the manpower, knowledge, e...
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
 
There is no such thing as “Vanilla Kubernetes”
There is no such thing as “Vanilla Kubernetes”There is no such thing as “Vanilla Kubernetes”
There is no such thing as “Vanilla Kubernetes”
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Kangaroot - Bechtle kadercontracten
Kangaroot - Bechtle kadercontractenKangaroot - Bechtle kadercontracten
Kangaroot - Bechtle kadercontracten
 
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8
 
Kangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefieldKangaroot open shift best practices - straight from the battlefield
Kangaroot open shift best practices - straight from the battlefield
 
Kubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by KangarootKubecontrol - managed Kubernetes by Kangaroot
Kubecontrol - managed Kubernetes by Kangaroot
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
10 - MongoDB
10 - MongoDB10 - MongoDB
10 - MongoDB
 

Recently uploaded

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Hashicorp Vault - OPEN Public Sector

  • 1. © 2018 HashiCorp Vault Cloud Security Automation
  • 2. About HashiCorp Leading Cloud Infrastructure Automation Founded 2012 Employees 700 Funding 174M Our software stack enables the provisioning, securing, connecting and running of apps and the infrastructure to support them. We unlock the cloud operating model for every business and enable their digital transformation strategies to succeed.
  • 4. The Transition to Cloud and Multi-Cloud. Traditional Datacenter (“Static”): Dedicated Infrastructure. Modern Datacenter (“Dynamic”): Private Cloud + AWS + Azure + GCP + ...
  • 5. The Transition to Cloud and Multi-Cloud. Traditional Datacenter (“Static”, “Tickets-based”): Dedicated Infrastructure. Modern Datacenter (“Dynamic”, “Self service”): Private Cloud + AWS + Azure + GCP + ...
  • 6. The Transition to Cloud and Multi-Cloud. Traditional Datacenter (“Static”, SYSTEMS OF RECORD, “Tickets-based”): Dedicated Infrastructure. Modern Datacenter (“Dynamic”, SYSTEMS OF ENGAGEMENT, “Self service”): Private Cloud + AWS + Azure + GCP + ...
  • 7. Digital experiences are now the primary interface between a customer and a business, or business and business. Experiences are typically device- and cloud-first: rich, personal interface, with large scale data processing and intelligence. Cloud adoption is a secular trend. This pattern demands a change in the model for software delivery to meet delivery goals and transformation objectives. Digital transformation means pressure on application delivery.
  • 8. Accelerating Application Delivery Facets of delivering applications in a multi cloud world Volume and distribution of services Ephemerality and immutability Multiple target environments ? App App
  • 10. Reimagining the stack: The implications of the Cloud Operating Model. Provision (Operations): STATIC: Dedicated servers, Homogeneous; DYNAMIC: Capacity on-demand, Heterogeneous.
  • 11. Reimagining the stack: The implications of the Cloud Operating Model. Secure (Security): STATIC: High trust, IP-based; DYNAMIC: Low trust, Identity-based. Provision (Operations): STATIC: Dedicated servers, Homogeneous; DYNAMIC: Capacity on-demand, Heterogeneous.
  • 12. Reimagining the stack: The implications of the Cloud Operating Model. Connect (Networking): STATIC: Host-based, Static IP; DYNAMIC: Service-based, Dynamic IP. Secure (Security): STATIC: High trust, IP-based; DYNAMIC: Low trust, Identity-based. Provision (Operations): STATIC: Dedicated servers, Homogeneous; DYNAMIC: Capacity on-demand, Heterogeneous.
  • 13. Reimagining the stack: The implications of the Cloud Operating Model. Run (Development): STATIC: Dedicated Infrastructure; DYNAMIC: Scheduled across the fleet. Connect (Networking): STATIC: Host-based, Static IP; DYNAMIC: Service-based, Dynamic IP. Secure (Security): STATIC: High trust, IP-based; DYNAMIC: Low trust, Identity-based. Provision (Operations): STATIC: Dedicated servers, Homogeneous; DYNAMIC: Capacity on-demand, Heterogeneous.
  • 14. The Cloud Landscape In search of a common model across multi-cloud environments Run Development Connect Networking Secure Security Provision Operations DEDICATED PRIVATE CLOUD vSphere Hardware IP: Hardware vCenter vSphere Various Hardware Identity: AD/LDAP Terraform EKS / ECS Lambda CloudApp/ AppMesh Identity: AWS IAM Cloud Formation AKS / ACS Azure Functions Proprietary Identity: Azure AD Resource Manager GKE Cloud Functions Proprietary Identity: GCP IAM Cloud Deployment Manager AWS AZURE GCP
  • 15. The HashiCorp Stack A control plane for every layer of the cloud operating model Run Development Connect Networking Secure Security Provision Operations PRIVATE CLOUD AWS AZURE GCP
  • 16. Private Cloud Cloud Provisioning with Terraform A common Cloud Operating Model AWS Azure GCP Provision Operations Secure Security Connect Networking Run Development
  • 17. Cloud Provisioning with Terraform A common Cloud Operating Model Core + Provider Model ● Expose the unique services of each infrastructure platform, but provide a consistent workflow
  • 18. Cloud Provisioning with Terraform A common Cloud Operating Model Core + Provider Model ● Expose the unique services of each infrastructure platform, but provide a consistent workflow ● 200+ Providers exist for any infrastructure or application element i. Enabled by the open source model of 1200+ contributors
  • 19. Cloud Provisioning with Terraform A common Cloud Operating Model A single Terraform template contains the entire infrastructure topology ● Platform services AND the configuration of any dependencies i. eg. 4 AWS services plus k8s
  • 20. Cloud Provisioning with Terraform A common Cloud Operating Model Self Service Provisioning Templates can be made available to any development team for self-provisioning Multi-Cloud Provisioning & Compliance Operations teams can enforce security & policy at provisioning time with Terraform Enterprise
  • 21. Cloud Provisioning with Terraform A common Cloud Operating Model Before Developer or CI / CD System TF CLI TF Template
  • 22. Cloud Provisioning with Terraform A common Cloud Operating Model Codified policies enforce security, compliance, and operational best practices across all cloud provisioning Before Developer or CI / CD System TF CLI TF Template After Developer or CI / CD System TF CLI TF Template TFE ■ Policy ■ Governance
  • 23. Terraform Provides the foundation for cloud infrastructure automation using infrastructure as code for provisioning and compliance in the cloud operating model Multi-Cloud Compliance & Management to provision and manage any infrastructure with one workflow Self-Service infrastructure for users to easily provision infrastructure on-demand with a library of approved infrastructure modules 300+ Customers 100K+ Weekly D/Ls 200 Providers Trusted by:
  • 24. Private Cloud Cloud Security with Vault A common Cloud Operating Model AWS Azure GCP Provision Operations Secure Security Connect Networking Run Development
  • 25. Vault Provides the foundation for cloud security that leverages trusted sources of identity to keep secrets and application data secure in the cloud operating model Secrets management to centrally store and protect secrets across clouds and applications Data encryption to keep application data secure across environments and workloads Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure. 300+ Enterprise Customers 1M+ Monthly D/Ls 2T+ Transactions Trusted by:
  • 26. Private Cloud Cloud Networking with Consul A common Cloud Operating Model AWS Azure GCP Provision Operations Secure Security Connect Networking Run Development
  • 27. Traditional Networking A common Cloud Operating Model A. Provision load-balancers to create static IP B. Artifact deployed C. Firewall rule updated to allow traffic Average time to traffic ~ 6 weeks Load balancer sprawl ($$!) but also as single point of failure for each service
  • 28. Networking with Consul A common Cloud Operating Model ● Service Registry enables Routing ○ From IP-Address to Name ○ Services register and discover each other. Consul server maintains the map of service location
  • 29. Networking with Consul A common Cloud Operating Model ● Service Registry enables Routing ○ From IP-Address to Name ○ Services register and discover each other. Consul server maintains the map of service location ○ Consul enables routing directly to services
  • 30. Networking with Consul A common Cloud Operating Model ● Service Registry enables Routing ● Service Segmentation for Security ○ Consul Connect enables service-to-service communication ○ Foundation of zero-trust model ■ “Service Mesh”
  • 31. Networking with Consul A common Cloud Operating Model ● Service Registry enables Routing ● Service Segmentation for Security ○ Consul Connect enables service-to-service communication ○ Foundation of zero-trust model ■ “Service Mesh” A common service registry across heterogeneous environments is the basis for multi-cloud service networking
  • 32. Consul Provides the foundation for cloud network automation as a central service registry for service-based networking in the cloud operating model 50k+ Used at scale with 50k+ agents 1M+ Monthly D/Ls Service registry & health monitoring to provide a real-time directory of all services with their health status Network middleware automation with service discovery for dynamic reconfiguration as services scale up, down or move Zero trust network with service mesh to enable identity-based security enforced at the endpoints via sidecar proxies Trusted by:
  • 33. Private Cloud Cloud Scheduling with Nomad A common Cloud Operating Model AWS Azure GCP Provision Operations Secure Security Connect Networking Run Development
  • 34. Principle: Application Orchestration. Vault enables applications and operators to leverage trusted identities and use Vault to broker access to different clouds, systems, and endpoints. Nomad helps deploy containerized, virtualized or standalone applications on cloud, on-premise or hybrid infrastructure, with built-in reliability and security.
  • 35. Nomad Use Cases A common Cloud Operating Model Flexible Container & Workload Organization Deploy and manage any containerized, legacy, or batch application. Multi-Cloud Workload Management Safely manage workloads across regions and cloud providers Efficient Resource Utilization Increase resource utilization, reduce fleet sizes, and cut costs.
  • 36. Nomad Provides the foundation for cloud application automation by enabling workload orchestration in the cloud operating model Container Orchestration for deploying, managing and scaling containerized applications Legacy Application Orchestration to containerize, deploy and manage legacy apps on existing infrastructure Batch Workload Orchestration to enable ML, AI, data science and other intensive workloads in high performance computing (HPC) scenarios Trusted by: 4.7k+ GitHub Stars 20k+ Monthly D/Ls
  • 37. A Common Cloud Operating Model to Accelerate Application Delivery App ?
  • 38. A Common Cloud Operating Model to Accelerate Application Delivery App Operations
  • 39. A Common Cloud Operating Model to Accelerate Application Delivery App Operations Security
  • 40. A Common Cloud Operating Model to Accelerate Application Delivery App Operations Security Networking
  • 41. A Common Cloud Operating Model to Accelerate Application Delivery App Operations Security Networking Development App
  • 42. A Common Cloud Operating Model to Accelerate Application Delivery App Operations Security Networking Development App GOVERNANCE POLICY
  • 43. © 2018 HashiCorp Vault Cloud Security Automation
  • 44. Securing a datacenter was easy... ● All unauthorized traffic or access could be restricted/blocked ● Networks were trusted and apps and databases can interconnect with ease ● Four walls and trusted network protected secrets and sensitive information But what happens when your apps and infrastructure extend to the multiple datacenters, cloud, or all the above?
  • 45. Reimagining the stack: The implications of the Cloud Operating Model. Run (Development): STATIC: Dedicated Infrastructure; DYNAMIC: Scheduled across the fleet. Connect (Networking): STATIC: Host-based, Dynamic IP; DYNAMIC: Service-based, Dynamic IP. Secure (Security): STATIC: High trust, IP-based; DYNAMIC: Low trust, Identity-based. Provision (Operations): STATIC: Dedicated servers, Homogeneous; DYNAMIC: Capacity on-demand, Heterogeneous.
  • 46. The Cloud Landscape In search of a common model across multi-cloud environments Run Development Connect Networking Secure Security Provision Operations DEDICATED PRIVATE CLOUD vSphere Hardware IP: Hardware vCenter vSphere Various Hardware Identity: AD/LDAP Terraform EKS / ECS Lambda CloudApp/ AppMesh Identity: AWS IAM Cloud Formation AKS / ACS Azure Functions Proprietary Identity: Azure AD Resource Manager GKE Cloud Functions Proprietary Identity: GCP IAM Cloud Deployment Manager AWS AZURE GCP
  • 47. Vault Principles (1 of 3): API Driven. Use policy to codify, protect, and automate access to secrets. $ curl --header "X-Vault-Token: ..." --request POST --data @payload.json https://127.0.0.1:8200/v1/secret/config
  • 48. Vault Principles (2 of 3): Secure with any Identity. Leverage any trusted identity provider, such as cloud IAM platforms, Kubernetes, Active Directory, to authenticate into Vault.
  • 49. Vault Principles (3 of 3): Extend and Integrate. Request secrets for any system through one consistent, audited, and secured workflow.
  • 50. Guiding Principle: Identity Brokering ● Authenticate and access different clouds, systems, and endpoints using trusted identities ● Leverage multiple identities across different platforms with single policy enforcement ● Integrate trusted identities in the same application workflow to reduce operational overhead
  • 51. Vault Provides the foundation for cloud security that leverages trusted sources of identity to keep secrets and application data secure in the cloud operating model Identity of requester authenticated against any identity model prior to granting access Policies defined by the Security team and enforced at runtime.
  • 52. © 2018 HashiCorp Use Case Secrets Management VAULT ADOPTION 52
  • 53. © 2018 HashiCorpUSE CASE: SECRETS MANAGEMENT Secrets for applications and systems need to be centralized and static IP-based solutions don't scale in dynamic environments with frequently changing applications and machines. BEFORE ● Reduced productivity from secret sprawl and configuration complexity ● Increased cost with redundant management and difficulty in adopting new systems ● Increased risk with more complexity, thereby increasing the threat surface and risking non-compliance with major regulatory laws and requirements The ChallengeUse Case: Secrets Management Centrally store, access and distribute dynamic secrets across applications, systems, and infrastructure. 53
  • 54. © 2018 HashiCorp Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity. AFTER ● Increase productivity & reduce time to deploy security workflows with centralized management ● Control costs with automated compliance and policy management, controls to support teams to self-manage their own environments ● Reduce risk with dynamic secrets, control groups, and other tools to allow Vault to conduct security operations while protecting sensitive information in flight and at rest. The SolutionUse Case: Secrets Management Centrally store, access and distribute dynamic secrets across applications, systems, and infrastructure. USE CASE: SECRETS MANAGEMENT 54
  • 55. VAULT ADOPTION. Use Case: Data Encryption
  • 56. USE CASE: DATA ENCRYPTION. The Challenge
      All application data should be encrypted, but deploying cryptography and key management infrastructure is expensive, hard to develop against, and not cloud or multi-datacenter friendly.
      BEFORE
      ● Increased costs around HSMs and support
      ● Reduced productivity with multiple workflows/APIs to learn cryptographic standards across an organization and different projects and restricted access to HSMs
      ● Increased risk with multiple attack surfaces to intercept and steal sensitive data
      Use Case: Data Protection. Protect sensitive data with centralized key management and simple APIs for data encryption.
  • 57. USE CASE: DATA ENCRYPTION. The Solution
      Vault provides encryption as a service with centralized key management to simplify encrypting data in transit and at rest across clouds and datacenters.
      AFTER
      ● Reduce costs around expensive HSMs and licensing
      ● Increase productivity and revenue with a consistent workflow and cryptographic standards across an organization
      ● Reduce risk of data exposure by encrypting sensitive data in transit and at rest using centrally managed and secured encryption keys in Vault, all through a single workflow and API
      Use Case: Data Protection. Protect sensitive data with centralized key management and simple APIs for data encryption.
  • 58. Vault Architecture
  • 61. VAULT UNSEAL. Shamir’s Secret Vault Unsealing
      ▪ Protect Encryption Key with Master Key
      ▪ Split Master Key into N shares
      ▪ K shares to re-compute Master
      ▪ Quorum of key holders required to unseal
      ▪ Default K:5, T:3
      Diagram labels: Shared keys, Master keys, Encrypted keys
  • 62. VAULT UNSEAL. Automated Vault Unsealing
      ▪ Protect Encryption Key with Master Key
      ▪ HSM encryption key protects master key
      ▪ Communication with HSM via PKCS11 API to decrypt Master Key
      Diagram labels: HSM key, Master keys, Encrypted keys, PKCS11
  • 63. VAULT UNSEAL. Cloud Key Service Automated Vault Unsealing
      ▪ Protect Encryption Key with Master Key
      ▪ Cloud based encryption key protects master key
      ▪ Supported cloud services:
          ▪ Google Cloud Key Management Services
          ▪ AWS Key Management Services
          ▪ AliCloud
          ▪ Azure Key Vault
      Diagram labels: Cloud based key, Master keys, Encrypted keys
  • 65. VAULT CLUSTER ARCHITECTURE. Vault Cluster Architecture
      Diagram labels: Production; Active, Standby, Standby
  • 66. VAULT CLUSTER ARCHITECTURE. Vault Cluster Architecture
  • 67. DISASTER RECOVERY REPLICATION. Multi-site replication topology
      Diagram labels: Active Cluster, Standby Cluster; Active and Standby nodes; Performance Replication; DR Replication
  • 69. VAULT ADOPTION. About Vault
      ● 250+ Enterprise Customers Worldwide
      ● 1M+ Monthly Downloads
      ● 10.4K+ Github Stars
      ● 2T+ Transactions
      ● Product Launch: 2014
  • 70. OPEN SOURCE AND ENTERPRISE. Vault Adoption
      Enterprise products build on open source to address organizational complexity.
      Diagram labels: ORGANIZATIONAL COMPLEXITY; Adoption; Open Source; Enterprise; Advanced; Scale; Strategic; Secrets, identity, and policy management; Governance & Policy; Multi-datacenter & Scale; Advanced Data Protection
  • 71. OPEN SOURCE AND ENTERPRISE. Vault Packages
      Enterprise products build on open source to address organizational complexity.
      ORGANIZATIONAL COMPLEXITY
      ● Open Source (INDIVIDUALS): Secrets, identity, and policy management
      ● Enterprise Platform (TEAMS, SUPPORT): Secrets, identity, and policy management; Collaboration & Operations
      ● Enterprise Modules (ORGANIZATIONS, SUPPORT): Secrets, identity, and policy management; Collaboration & Operations; Governance & Multi-datacenter
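
The split-and-quorum unsealing on slide 61, as an added Python example (not from the deck and not Vault's own code): textbook Shamir secret sharing over GF(2^8), splitting a key into 5 shares of which any 3 recompute it, the defaults the slide lists. The function names and the 32-byte sample key are assumptions made for this illustration.

```python
import secrets

# GF(2^8) exp/log tables: generator 3, reduction polynomial 0x11B (the AES field).
EXP, LOG = [0] * 510, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _v
    LOG[_v] = _i
    _v ^= ((_v << 1) ^ (0x11B if _v & 0x80 else 0)) & 0xFF  # v = v * 3

def mul(a, b):
    return 0 if 0 in (a, b) else EXP[LOG[a] + LOG[b]]

def div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    return 0 if a == 0 else EXP[LOG[a] + 255 - LOG[b]]

def _eval(coeffs, x):
    # Horner's rule; coeffs[0] is the constant term, i.e. the secret byte.
    y = 0
    for c in reversed(coeffs):
        y = mul(y, x) ^ c
    return y

def split(secret, shares=5, threshold=3):
    """Return `shares` (x, bytes) pairs; any `threshold` of them rebuild secret."""
    if not 2 <= threshold <= shares <= 255:
        raise ValueError("need 2 <= threshold <= shares <= 255")
    # One random polynomial of degree threshold-1 per secret byte.
    polys = [[b] + [secrets.randbelow(256) for _ in range(threshold - 1)]
             for b in secret]
    return [(x, bytes(_eval(p, x) for p in polys)) for x in range(1, shares + 1)]

def combine(parts):
    """Lagrange-interpolate every byte position at x = 0."""
    xs = [x for x, _ in parts]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    out = bytearray(len(parts[0][1]))
    for i, (xi, ys) in enumerate(parts):
        w = 1  # Lagrange basis weight at 0; subtraction is XOR in GF(2^8)
        for j, xj in enumerate(xs):
            if j != i:
                w = mul(w, div(xj, xj ^ xi))
        for pos, y in enumerate(ys):
            out[pos] ^= mul(w, y)
    return bytes(out)

MASTER_KEY = bytes(range(32))  # constructed sample key, not a real one
```

Fewer than the threshold number of shares still interpolate to some value, but not to the key, which is why a quorum of key holders is required to unseal.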