SlideShare a Scribd company logo

Vault Secrets Via API for the REST of Us

Mitchell Pronschinske
Mitchell Pronschinske

In this solutions engineering hangout, HashiCorp solutions engineer John Boero will walk through the basics of managing Vault secrets and accessing REST APIs without having a binary CLI or UI. This talk will include some minimalist hotwired tricks for when you don't even have cURL. For example, you might be in a restrictive environment such as a minimalist container.

Software
1 of 12
Download to read offline
Copyright © 2018 HashiCorp Vault API for the REST of us How to access Vault whether you’re in a full stateful environment or a minimalist McGuyver sidecar. Version: 1119.18
Copyright © 2018 HashiCorp ⁄ REST API: Options 2
Copyright © 2018 HashiCorp ⁄ 1: CLI 2: HTTP 3: HTTPS 4: Binding 5: Other client 3
Copyright © 2018 HashiCorp ⁄ CLI Copyright © 2018 HashiCorp ⁄⁄ 4 Simplicity: Vault binary actually covers Server, Agent, CLI. Pros: Simplicity. Single binary does all. Parameter -output-curl-url can generate our REST call for learning curve. Help menu provided. Cons: Bulk: 127MB binary (Golang, no dependencies) Often too large for a sidecar or container environment. Golang CA chain caveats. Not always an option.
Copyright © 2018 HashiCorp ⁄ CLI to API 5 #!/bin/bash # Example vault override to convert script to curl commands. # Use this function to override vault for curl function vault { arg1=$1 shift /usr/local/bin/vault $arg1 -output-curl-string $@ } vault write auth/jwt/login role=test jwt=MYJWT vault write pki/issue/example common_name=test.com vault read kv/test $ batch.sh curl -X PUT -H "X-Vault-Token: $(vault print token)" -d '{"jwt":"MYJWT","role":"test"}' http:// 127.0.0.1:8200/v1/auth/jwt/login curl -X PUT -H "X-Vault-Token: $(vault print token)" -d '{"common_name":"test.com"}' http://127.0.0.1:8200/ v1/pki/issue/example curl -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/kv/test
Copyright © 2018 HashiCorp ⁄ HTTP or HTTPS Copyright © 2018 HashiCorp ⁄⁄ 6 Simplicity: Low overhead. Flexible Pros: Simplicity. Accessible with standard libs. Security via HTTPS Lightweight HTTP: access via Curl or /dev/tcp (bash only) Lightweight HTTPS: access via Curl or just OpenSSL client. Suitable for automation or wrappers. Cons: Great developer experience. Less easy as a user experience.
Copyright © 2018 HashiCorp ⁄ HTTP (raw /dev/tcp) 7 #!/bin/bash # Access raw Vault API without curl, wget, or vault binary. function vaultRaw { exec 3<>/dev/tcp/localhost/8200 cat <<EOF >&3 GET /$1 HTTP/1.1 Host: localhost:8200 X-Vault-Token: $VAULT_TOKEN Connection: close EOF cat <&3 } # Fetch health vaultRaw v1/sys/health # Fetch seal-status vaultRaw v1/sys/seal-status
Copyright © 2018 HashiCorp ⁄ HTTP (raw /dev/tcp) output 8 $ ./vault-raw-api.sh HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Date: Tue, 05 Nov 2019 01:40:36 GMT Content-Length: 298 Connection: close {"initialized":true,"sealed":false,"standby":false,"performance_standby":false,"replication_performance_mode":" disabled","replication_dr_mode":"disabled","server_time_utc": 1572918036,"version":"1.2.3+ent","cluster_name":"vault-cluster-e97e0603","cluster_id":"4da14b8c-b2fd-56e1-a104- bbf1eac855f5"} HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Date: Tue, 05 Nov 2019 01:40:36 GMT Content-Length: 242 Connection: close {"type":"shamir","initialized":true,"sealed":false,"t":1,"n":1,"progress": 0,"nonce":"","version":"1.2.3+ent","migration":false,"cluster_name":"vault-cluster- e97e0603","cluster_id":"4da14b8c-b2fd-56e1-a104-bbf1eac855f5","recovery_seal":false}
Copyright © 2018 HashiCorp ⁄ HTTPS (openssl s client) 9 #!/bin/bash -x # John Boero - a script to access Vault using only OpenSSL Client # ARG1 is your endpoint requested (GET by default) openssl s_client -quiet -connect localhost:8200 <<EOF GET /$1 HTTP/1.1 Host: localhost:8200 X-Vault-Token: $VAULT_TOKEN Connection: close EOF
Copyright © 2018 HashiCorp ⁄ HTTPS (openssl) output 10 $ ./vault-tls-example.sh v1/sys/health + openssl s_client -quiet -connect localhost:8200 Can't use SSL_get_servername depth=0 C = UK, L = London, O = Default Company Ltd, CN = localhost verify return:1 depth=0 C = UK, L = London, O = Default Company Ltd, CN = localhost verify return:1 HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Date: Tue, 05 Nov 2019 02:01:06 GMT Content-Length: 298 Connection: close {"initialized":true,"sealed":false,"standby":false,"performance_standby":false,"replication_performance_mode":" disabled","replication_dr_mode":"disabled","server_time_utc": 1572919266,"version":"1.2.3+ent","cluster_name":"vault-cluster-e97e0603","cluster_id":"4da14b8c-b2fd-56e1-a104- bbf1eac855f5"}
Copyright © 2018 HashiCorp ⁄ Bindings Copyright © 2018 HashiCorp ⁄⁄ 11 Simplicity: Native library wrappers for the languages you prefer. Community and supported libraries here: https://www.vaultproject.io/api/libraries.html Pros: Simplicity. Accessible with standard libs. Suitable for automation or wrappers. Simple learning curve. Cons: Library maintainers must keep up with server releases.
www.hashicorp.com hello@hashicorp.com Thank you

Recommended

Delivering Secret Zero: Vault AppRole with Terraform and Chef
Delivering Secret Zero: Vault AppRole with Terraform and ChefDelivering Secret Zero: Vault AppRole with Terraform and Chef
Delivering Secret Zero: Vault AppRole with Terraform and Chef
Amanda MacLeod
 
Vault Agent and Vault 0.11 features
Vault Agent and Vault 0.11 featuresVault Agent and Vault 0.11 features
Vault Agent and Vault 0.11 features
Mitchell Pronschinske
 
Vault 1.0: How to Auto-Unseal and Other New Features
Vault 1.0: How to Auto-Unseal and Other New FeaturesVault 1.0: How to Auto-Unseal and Other New Features
Vault 1.0: How to Auto-Unseal and Other New Features
Mitchell Pronschinske
 
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Mitchell Pronschinske
 
Keybase Vault Auto-Unseal HashiTalks2020
Keybase Vault Auto-Unseal HashiTalks2020Keybase Vault Auto-Unseal HashiTalks2020
Keybase Vault Auto-Unseal HashiTalks2020
Bas Meijer
 
Java Microservices with Netflix OSS & Spring
Java Microservices with Netflix OSS & Spring Java Microservices with Netflix OSS & Spring
Java Microservices with Netflix OSS & Spring
Conor Svensson
 
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CISecure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Mitchell Pronschinske
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
Knoldus Inc.
 

Recommended

Delivering Secret Zero: Vault AppRole with Terraform and Chef
Delivering Secret Zero: Vault AppRole with Terraform and ChefDelivering Secret Zero: Vault AppRole with Terraform and Chef
Delivering Secret Zero: Vault AppRole with Terraform and Chef
Amanda MacLeod
 
Vault Agent and Vault 0.11 features
Vault Agent and Vault 0.11 featuresVault Agent and Vault 0.11 features
Vault Agent and Vault 0.11 features
Mitchell Pronschinske
 
Vault 1.0: How to Auto-Unseal and Other New Features
Vault 1.0: How to Auto-Unseal and Other New FeaturesVault 1.0: How to Auto-Unseal and Other New Features
Vault 1.0: How to Auto-Unseal and Other New Features
Mitchell Pronschinske
 
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Mitchell Pronschinske
 
Keybase Vault Auto-Unseal HashiTalks2020
Keybase Vault Auto-Unseal HashiTalks2020Keybase Vault Auto-Unseal HashiTalks2020
Keybase Vault Auto-Unseal HashiTalks2020
Bas Meijer
 
Java Microservices with Netflix OSS & Spring
Java Microservices with Netflix OSS & Spring Java Microservices with Netflix OSS & Spring
Java Microservices with Netflix OSS & Spring
Conor Svensson
 
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CISecure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Mitchell Pronschinske
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
Knoldus Inc.
 
Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
Shrivatsa Upadhye
 
Deploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleDeploying NGINX Plus with Ansible
Deploying NGINX Plus with Ansible
Kevin Jones
 
Rein in Your Cloud Costs with Terraform and AWS Lambda
Rein in Your Cloud Costs with Terraform and AWS LambdaRein in Your Cloud Costs with Terraform and AWS Lambda
Rein in Your Cloud Costs with Terraform and AWS Lambda
Amanda MacLeod
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
Ben Hall
 
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWSAWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
smalltown
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Stenio Ferreira
 
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Mitchell Pronschinske
 
CDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCCDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaC
smalltown
 
Kubernetes scheduling and QoS
Kubernetes scheduling and QoSKubernetes scheduling and QoS
Kubernetes scheduling and QoS
Cloud Technology Experts
 
Developing a user-friendly OpenResty application
Developing a user-friendly OpenResty applicationDeveloping a user-friendly OpenResty application
Developing a user-friendly OpenResty application
Thibault Charbonnier
 
Defining & Enforcing Policies the GitOps Way
Defining & Enforcing Policies the GitOps WayDefining & Enforcing Policies the GitOps Way
Defining & Enforcing Policies the GitOps Way
Weaveworks
 
NGINX Ingress Controller for Kubernetes
NGINX Ingress Controller for KubernetesNGINX Ingress Controller for Kubernetes
NGINX Ingress Controller for Kubernetes
NGINX, Inc.
 
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day OrangeMicroservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
acogoluegnes
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXDockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
 
Kubernetes 101 and Fun
Kubernetes 101 and FunKubernetes 101 and Fun
Kubernetes 101 and Fun
QAware GmbH
 
Commodified IaC using Terraform Cloud
Commodified IaC using Terraform CloudCommodified IaC using Terraform Cloud
Commodified IaC using Terraform Cloud
Marko Bevc
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEA
NGINX, Inc.
 
Ingress overview
Ingress overviewIngress overview
Ingress overview
Harshal Shah
 
NGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEA
NGINX, Inc.
 
What’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEAWhat’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEA
NGINX, Inc.
 
Caching the Uncacheable
Caching the UncacheableCaching the Uncacheable
Caching the Uncacheable
danrot
 
Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!
Jeff Jones
 

More Related Content

What's hot

Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
Shrivatsa Upadhye
 
Deploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleDeploying NGINX Plus with Ansible
Deploying NGINX Plus with Ansible
Kevin Jones
 
Rein in Your Cloud Costs with Terraform and AWS Lambda
Rein in Your Cloud Costs with Terraform and AWS LambdaRein in Your Cloud Costs with Terraform and AWS Lambda
Rein in Your Cloud Costs with Terraform and AWS Lambda
Amanda MacLeod
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
Ben Hall
 
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWSAWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
smalltown
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Stenio Ferreira
 
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Mitchell Pronschinske
 
CDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCCDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaC
smalltown
 
Kubernetes scheduling and QoS
Kubernetes scheduling and QoSKubernetes scheduling and QoS
Kubernetes scheduling and QoS
Cloud Technology Experts
 
Developing a user-friendly OpenResty application
Developing a user-friendly OpenResty applicationDeveloping a user-friendly OpenResty application
Developing a user-friendly OpenResty application
Thibault Charbonnier
 
Defining & Enforcing Policies the GitOps Way
Defining & Enforcing Policies the GitOps WayDefining & Enforcing Policies the GitOps Way
Defining & Enforcing Policies the GitOps Way
Weaveworks
 
NGINX Ingress Controller for Kubernetes
NGINX Ingress Controller for KubernetesNGINX Ingress Controller for Kubernetes
NGINX Ingress Controller for Kubernetes
NGINX, Inc.
 
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day OrangeMicroservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
acogoluegnes
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXDockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
 
Kubernetes 101 and Fun
Kubernetes 101 and FunKubernetes 101 and Fun
Kubernetes 101 and Fun
QAware GmbH
 
Commodified IaC using Terraform Cloud
Commodified IaC using Terraform CloudCommodified IaC using Terraform Cloud
Commodified IaC using Terraform Cloud
Marko Bevc
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEA
NGINX, Inc.
 
Ingress overview
Ingress overviewIngress overview
Ingress overview
Harshal Shah
 
NGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEA
NGINX, Inc.
 
What’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEAWhat’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEA
NGINX, Inc.
 

What's hot (20)

Securing AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi VaultSecuring AWS Accounts with Hashi Vault
Securing AWS Accounts with Hashi Vault
 
Deploying NGINX Plus with Ansible
Deploying NGINX Plus with AnsibleDeploying NGINX Plus with Ansible
Deploying NGINX Plus with Ansible
 
Rein in Your Cloud Costs with Terraform and AWS Lambda
Rein in Your Cloud Costs with Terraform and AWS LambdaRein in Your Cloud Costs with Terraform and AWS Lambda
Rein in Your Cloud Costs with Terraform and AWS Lambda
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
 
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWSAWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
AWS re:Invent re:Cap 2019: My ElasticSearch Journey on AWS
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
 
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
 
CDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaCCDK Meetup: Rule the World through IaC
CDK Meetup: Rule the World through IaC
 
Kubernetes scheduling and QoS
Kubernetes scheduling and QoSKubernetes scheduling and QoS
Kubernetes scheduling and QoS
 
Developing a user-friendly OpenResty application
Developing a user-friendly OpenResty applicationDeveloping a user-friendly OpenResty application
Developing a user-friendly OpenResty application
 
Defining & Enforcing Policies the GitOps Way
Defining & Enforcing Policies the GitOps WayDefining & Enforcing Policies the GitOps Way
Defining & Enforcing Policies the GitOps Way
 
NGINX Ingress Controller for Kubernetes
NGINX Ingress Controller for KubernetesNGINX Ingress Controller for Kubernetes
NGINX Ingress Controller for Kubernetes
 
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day OrangeMicroservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXDockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
 
Kubernetes 101 and Fun
Kubernetes 101 and FunKubernetes 101 and Fun
Kubernetes 101 and Fun
 
Commodified IaC using Terraform Cloud
Commodified IaC using Terraform CloudCommodified IaC using Terraform Cloud
Commodified IaC using Terraform Cloud
 
NGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEANGINX: Basics and Best Practices EMEA
NGINX: Basics and Best Practices EMEA
 
Ingress overview
Ingress overviewIngress overview
Ingress overview
 
NGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEANGINX Plus R20 Webinar EMEA
NGINX Plus R20 Webinar EMEA
 
What’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEAWhat’s New in NGINX Plus R16? – EMEA
What’s New in NGINX Plus R16? – EMEA
 

Similar to Vault Secrets Via API for the REST of Us

Caching the Uncacheable
Caching the UncacheableCaching the Uncacheable
Caching the Uncacheable
danrot
 
Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!
Jeff Jones
 
Php through the eyes of a hoster confoo
Php through the eyes of a hoster confooPhp through the eyes of a hoster confoo
Php through the eyes of a hoster confoo
Combell NV
 
Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11Combell NV
 
HTTP Caching and PHP
HTTP Caching and PHPHTTP Caching and PHP
HTTP Caching and PHP
David de Boer
 
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
Codemotion
 
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
Thijs Feryn
 
Plack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversPlack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversTatsuhiko Miyagawa
 
Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부
Hyun-Mook Choi
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
Apigee | Google Cloud
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxies
LibbySchulze
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участия
defcon_kz
 
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
CodeOps Technologies LLP
 
ApacheConNA 2015: Apache httpd 2.4 Reverse Proxy
ApacheConNA 2015: Apache httpd 2.4 Reverse ProxyApacheConNA 2015: Apache httpd 2.4 Reverse Proxy
ApacheConNA 2015: Apache httpd 2.4 Reverse Proxy
Jim Jagielski
 
Securing REST APIs
Securing REST APIsSecuring REST APIs
Securing REST APIs
Claire Hunsaker
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 

Similar to Vault Secrets Via API for the REST of Us (20)

Caching the Uncacheable
Caching the UncacheableCaching the Uncacheable
Caching the Uncacheable
 
Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!
 
Php through the eyes of a hoster confoo
Php through the eyes of a hoster confooPhp through the eyes of a hoster confoo
Php through the eyes of a hoster confoo
 
Plack at YAPC::NA 2010
Plack at YAPC::NA 2010Plack at YAPC::NA 2010
Plack at YAPC::NA 2010
 
Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11
 
HTTP Caching and PHP
HTTP Caching and PHPHTTP Caching and PHP
HTTP Caching and PHP
 
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Thijs Feryn - Codemotion Rome 2018
 
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
Leverage HTTP to deliver cacheable websites - Codemotion Rome 2018
 
Plack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversPlack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and servers
 
Php version 5
Php version 5Php version 5
Php version 5
 
Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxies
 
Год в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участияГод в Github bugbounty, опыт участия
Год в Github bugbounty, опыт участия
 
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
 
ApacheConNA 2015: Apache httpd 2.4 Reverse Proxy
ApacheConNA 2015: Apache httpd 2.4 Reverse ProxyApacheConNA 2015: Apache httpd 2.4 Reverse Proxy
ApacheConNA 2015: Apache httpd 2.4 Reverse Proxy
 
PSGI/Plack OSDC.TW
PSGI/Plack OSDC.TWPSGI/Plack OSDC.TW
PSGI/Plack OSDC.TW
 
Securing REST APIs
Securing REST APIsSecuring REST APIs
Securing REST APIs
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
 

More from Mitchell Pronschinske

Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and Consul
Mitchell Pronschinske
 
Multi-Cloud with Nomad and Consul Connect
Multi-Cloud with Nomad and Consul ConnectMulti-Cloud with Nomad and Consul Connect
Multi-Cloud with Nomad and Consul Connect
Mitchell Pronschinske
 
Code quality for Terraform
Code quality for TerraformCode quality for Terraform
Code quality for Terraform
Mitchell Pronschinske
 
Dynamic Azure Credentials for Applications and CI/CD Pipelines
Dynamic Azure Credentials for Applications and CI/CD PipelinesDynamic Azure Credentials for Applications and CI/CD Pipelines
Dynamic Azure Credentials for Applications and CI/CD Pipelines
Mitchell Pronschinske
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMigrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Mitchell Pronschinske
 
Empowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorpEmpowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorp
Mitchell Pronschinske
 
Automate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpAutomate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corp
Mitchell Pronschinske
 
Vault 1.5 Overview
Vault 1.5 OverviewVault 1.5 Overview
Vault 1.5 Overview
Mitchell Pronschinske
 
Using new sentinel features in terraform cloud
Using new sentinel features in terraform cloudUsing new sentinel features in terraform cloud
Using new sentinel features in terraform cloud
Mitchell Pronschinske
 
Military Edge Computing with Vault and Consul
Military Edge Computing with Vault and ConsulMilitary Edge Computing with Vault and Consul
Military Edge Computing with Vault and Consul
Mitchell Pronschinske
 
Unlocking the Cloud operating model with GitHub Actions
Unlocking the Cloud operating model with GitHub ActionsUnlocking the Cloud operating model with GitHub Actions
Unlocking the Cloud operating model with GitHub Actions
Mitchell Pronschinske
 
Vault 1.4 integrated storage overview
Vault 1.4 integrated storage overviewVault 1.4 integrated storage overview
Vault 1.4 integrated storage overview
Mitchell Pronschinske
 
Unlocking the Cloud Operating Model
Unlocking the Cloud Operating ModelUnlocking the Cloud Operating Model
Unlocking the Cloud Operating Model
Mitchell Pronschinske
 
Cisco ACI with HashiCorp Terraform (APAC)
Cisco ACI with HashiCorp Terraform (APAC)Cisco ACI with HashiCorp Terraform (APAC)
Cisco ACI with HashiCorp Terraform (APAC)
Mitchell Pronschinske
 
Governance for Multiple Teams Sharing a Nomad Cluster
Governance for Multiple Teams Sharing a Nomad ClusterGovernance for Multiple Teams Sharing a Nomad Cluster
Governance for Multiple Teams Sharing a Nomad Cluster
Mitchell Pronschinske
 
Integrating Terraform and Consul
Integrating Terraform and ConsulIntegrating Terraform and Consul
Integrating Terraform and Consul
Mitchell Pronschinske
 
Unlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentUnlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: Deployment
Mitchell Pronschinske
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
Mitchell Pronschinske
 
Modern Scheduling for Modern Applications with Nomad
Modern Scheduling for Modern Applications with NomadModern Scheduling for Modern Applications with Nomad
Modern Scheduling for Modern Applications with Nomad
Mitchell Pronschinske
 
Moving to a Microservice World: Leveraging Consul on Azure
Moving to a Microservice World: Leveraging Consul on AzureMoving to a Microservice World: Leveraging Consul on Azure
Moving to a Microservice World: Leveraging Consul on Azure
Mitchell Pronschinske
 

More from Mitchell Pronschinske (20)

Getting Started with Kubernetes and Consul
Getting Started with Kubernetes and ConsulGetting Started with Kubernetes and Consul
Getting Started with Kubernetes and Consul
 
Multi-Cloud with Nomad and Consul Connect
Multi-Cloud with Nomad and Consul ConnectMulti-Cloud with Nomad and Consul Connect
Multi-Cloud with Nomad and Consul Connect
 
Code quality for Terraform
Code quality for TerraformCode quality for Terraform
Code quality for Terraform
 
Dynamic Azure Credentials for Applications and CI/CD Pipelines
Dynamic Azure Credentials for Applications and CI/CD PipelinesDynamic Azure Credentials for Applications and CI/CD Pipelines
Dynamic Azure Credentials for Applications and CI/CD Pipelines
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on AzureMigrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
 
Empowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorpEmpowering developers and operators through Gitlab and HashiCorp
Empowering developers and operators through Gitlab and HashiCorp
 
Automate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpAutomate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corp
 
Vault 1.5 Overview
Vault 1.5 OverviewVault 1.5 Overview
Vault 1.5 Overview
 
Using new sentinel features in terraform cloud
Using new sentinel features in terraform cloudUsing new sentinel features in terraform cloud
Using new sentinel features in terraform cloud
 
Military Edge Computing with Vault and Consul
Military Edge Computing with Vault and ConsulMilitary Edge Computing with Vault and Consul
Military Edge Computing with Vault and Consul
 
Unlocking the Cloud operating model with GitHub Actions
Unlocking the Cloud operating model with GitHub ActionsUnlocking the Cloud operating model with GitHub Actions
Unlocking the Cloud operating model with GitHub Actions
 
Vault 1.4 integrated storage overview
Vault 1.4 integrated storage overviewVault 1.4 integrated storage overview
Vault 1.4 integrated storage overview
 
Unlocking the Cloud Operating Model
Unlocking the Cloud Operating ModelUnlocking the Cloud Operating Model
Unlocking the Cloud Operating Model
 
Cisco ACI with HashiCorp Terraform (APAC)
Cisco ACI with HashiCorp Terraform (APAC)Cisco ACI with HashiCorp Terraform (APAC)
Cisco ACI with HashiCorp Terraform (APAC)
 
Governance for Multiple Teams Sharing a Nomad Cluster
Governance for Multiple Teams Sharing a Nomad ClusterGovernance for Multiple Teams Sharing a Nomad Cluster
Governance for Multiple Teams Sharing a Nomad Cluster
 
Integrating Terraform and Consul
Integrating Terraform and ConsulIntegrating Terraform and Consul
Integrating Terraform and Consul
 
Unlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentUnlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: Deployment
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
 
Modern Scheduling for Modern Applications with Nomad
Modern Scheduling for Modern Applications with NomadModern Scheduling for Modern Applications with Nomad
Modern Scheduling for Modern Applications with Nomad
 
Moving to a Microservice World: Leveraging Consul on Azure
Moving to a Microservice World: Leveraging Consul on AzureMoving to a Microservice World: Leveraging Consul on Azure
Moving to a Microservice World: Leveraging Consul on Azure
 

Recently uploaded

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
Roshan Dwivedi
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
Alina Yurenko
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
Google
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 

Recently uploaded (20)

AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
AI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website CreatorAI Genie Review: World’s First Open AI WordPress Website Creator
AI Genie Review: World’s First Open AI WordPress Website Creator
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 

Vault Secrets Via API for the REST of Us

  • 1. Copyright © 2018 HashiCorp Vault API for the REST of us How to access Vault whether you’re in a full stateful environment or a minimalist McGuyver sidecar. Version: 1119.18
  • 2. Copyright © 2018 HashiCorp ⁄ REST API: Options 2
  • 3. Copyright © 2018 HashiCorp ⁄ 1: CLI 2: HTTP 3: HTTPS 4: Binding 5: Other client 3
  • 4. Copyright © 2018 HashiCorp ⁄ CLI Copyright © 2018 HashiCorp ⁄⁄ 4 Simplicity: Vault binary actually covers Server, Agent, CLI. Pros: Simplicity. Single binary does all. Parameter -output-curl-url can generate our REST call for learning curve. Help menu provided. Cons: Bulk: 127MB binary (Golang, no dependencies) Often too large for a sidecar or container environment. Golang CA chain caveats. Not always an option.
  • 5. Copyright © 2018 HashiCorp ⁄ CLI to API 5 #!/bin/bash # Example vault override to convert script to curl commands. # Use this function to override vault for curl function vault { arg1=$1 shift /usr/local/bin/vault $arg1 -output-curl-string $@ } vault write auth/jwt/login role=test jwt=MYJWT vault write pki/issue/example common_name=test.com vault read kv/test $ batch.sh curl -X PUT -H "X-Vault-Token: $(vault print token)" -d '{"jwt":"MYJWT","role":"test"}' http:// 127.0.0.1:8200/v1/auth/jwt/login curl -X PUT -H "X-Vault-Token: $(vault print token)" -d '{"common_name":"test.com"}' http://127.0.0.1:8200/ v1/pki/issue/example curl -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/kv/test
  • 6. Copyright © 2018 HashiCorp ⁄ HTTP or HTTPS Copyright © 2018 HashiCorp ⁄⁄ 6 Simplicity: Low overhead. Flexible Pros: Simplicity. Accessible with standard libs. Security via HTTPS Lightweight HTTP: access via Curl or /dev/tcp (bash only) Lightweight HTTPS: access via Curl or just OpenSSL client. Suitable for automation or wrappers. Cons: Great developer experience. Less easy as a user experience.
  • 7. Copyright © 2018 HashiCorp ⁄ HTTP (raw /dev/tcp) 7 #!/bin/bash # Access raw Vault API without curl, wget, or vault binary. function vaultRaw { exec 3<>/dev/tcp/localhost/8200 cat <<EOF >&3 GET /$1 HTTP/1.1 Host: localhost:8200 X-Vault-Token: $VAULT_TOKEN Connection: close EOF cat <&3 } # Fetch health vaultRaw v1/sys/health # Fetch seal-status vaultRaw v1/sys/seal-status
  • 8. Copyright © 2018 HashiCorp ⁄ HTTP (raw /dev/tcp) output 8 $ ./vault-raw-api.sh HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Date: Tue, 05 Nov 2019 01:40:36 GMT Content-Length: 298 Connection: close {"initialized":true,"sealed":false,"standby":false,"performance_standby":false,"replication_performance_mode":" disabled","replication_dr_mode":"disabled","server_time_utc": 1572918036,"version":"1.2.3+ent","cluster_name":"vault-cluster-e97e0603","cluster_id":"4da14b8c-b2fd-56e1-a104- bbf1eac855f5"} HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Date: Tue, 05 Nov 2019 01:40:36 GMT Content-Length: 242 Connection: close {"type":"shamir","initialized":true,"sealed":false,"t":1,"n":1,"progress": 0,"nonce":"","version":"1.2.3+ent","migration":false,"cluster_name":"vault-cluster- e97e0603","cluster_id":"4da14b8c-b2fd-56e1-a104-bbf1eac855f5","recovery_seal":false}
  • 9. Copyright © 2018 HashiCorp ⁄ HTTPS (openssl s client) 9 #!/bin/bash -x # John Boero - a script to access Vault using only OpenSSL Client # ARG1 is your endpoint requested (GET by default) openssl s_client -quiet -connect localhost:8200 <<EOF GET /$1 HTTP/1.1 Host: localhost:8200 X-Vault-Token: $VAULT_TOKEN Connection: close EOF
  • 10. Copyright © 2018 HashiCorp ⁄ HTTPS (openssl) output 10 $ ./vault-tls-example.sh v1/sys/health + openssl s_client -quiet -connect localhost:8200 Can't use SSL_get_servername depth=0 C = UK, L = London, O = Default Company Ltd, CN = localhost verify return:1 depth=0 C = UK, L = London, O = Default Company Ltd, CN = localhost verify return:1 HTTP/1.1 200 OK Cache-Control: no-store Content-Type: application/json Date: Tue, 05 Nov 2019 02:01:06 GMT Content-Length: 298 Connection: close {"initialized":true,"sealed":false,"standby":false,"performance_standby":false,"replication_performance_mode":" disabled","replication_dr_mode":"disabled","server_time_utc": 1572919266,"version":"1.2.3+ent","cluster_name":"vault-cluster-e97e0603","cluster_id":"4da14b8c-b2fd-56e1-a104- bbf1eac855f5"}
  • 11. Copyright © 2018 HashiCorp ⁄ Bindings Copyright © 2018 HashiCorp ⁄⁄ 11 Simplicity: Native library wrappers for the languages you prefer. Community and supported libraries here: https://www.vaultproject.io/api/libraries.html Pros: Simplicity. Accessible with standard libs. Suitable for automation or wrappers. Simple learning curve. Cons: Library maintainers must keep up with server releases.