Hello Readers. Hope you are doing good.I hope you enjoyed the series of articles on Terraform by Hashicorp. It's a well known fact now that terraform have established itself as one of the most widely used tool for provisioning infrastructure as code.You will agree with the me when I say "Security of the code is equally important" as well.
While working with terraform we come across scenarios on working with access keys and security tokens. The keys if kept loosely and compromised in any way can lead to big blunders. To take care of the same Hashicorp has another tool :- "Vault" . We are going to deep dive in to it in the upcoming series of article.
This series of articles will not only help you to understand what vault is ; but also you will be able to work with it in production environment like a champion.Last but not the least you will be able to ace the "HashiCorp Vault Associate exam" for sure.
I personally have seen people keeping critical information like database username and passwords, AWS keys and token in plain-text here and there in notepads or even sticky-notes. Off course this is convenient but not at all recommended.
Considering the points covered in above discussion, there needs to be something which agrees with below points.
Manage secrets and prevent sensitive data
Identity based access management
Generate dynamic secrets( like database credentials)
And that tool is "Vault"
Vault by Hashicorp is compatible with all the major cloud providers and can be used to securely manage
Username and Password
Can generate the credentials dynamically
Can rotate the credentials
Keeps credentials at a centralized place and encrypt it
That's it for this article, in the next one we are going to start with the real stuff. Stay tuned :-)