The document discusses the challenges of securing databases with static secrets in dynamic application environments. It proposes a solution using dynamic secrets, which are short-lived and per-instance, minimizing the impact of issues to individual instances and simplifying problem resolution. The content emphasizes the benefits of aligning secret lifetime with instance lifetime for improved security.

1. Securing Databases with Dynamic Credentials and Vault
Thomas Kula
Sr. Solutions Engineer
github.com/thomashashi/hashihang-dynamic-db-creds

2. Applications Stacks Are Changing
What used to work

3. Applications Stacks Are Changing
No longer scales

4. The Challenges
● Short-lived dynamic infrastructure shares long-lived static secrets
● A secrets problem with one instance is a problem for all instances
● Rolling out new secrets takes a long time - time you may not have
● Identifying the scope of problems is a challenge

5. The Solution: Dynamic Secrets
● Short-lived, per-instance credentials
● Secret lifetime matches instance lifetime
● A problem in a single instance affects only that instance
● Discovering the scope of problems is much easier

6. Securing Databases with Dynamic Credentials and Vault
DEMO

7. www.hashicorp.com
hello@hashicorp.com
Q & A

8. Securing Databases with Dynamic Credentials and Vault
Thomas Kula
Sr. Solutions Engineer
github.com/thomashashi/hashihang-dynamic-db-creds