HashiCorp Vault: Setting the Base







Hello readers. I hope you are doing well and that you enjoyed the series of articles on Terraform by HashiCorp. It is now well known that Terraform has established itself as one of the most widely used tools for provisioning infrastructure as code. You will agree with me when I say that the security of the code is equally important.


While working with Terraform we come across scenarios that involve access keys and security tokens. If these keys are stored carelessly and compromised in any way, it can lead to big blunders. To take care of this, HashiCorp has another tool: "Vault". We are going to take a deep dive into it in the upcoming series of articles.


This series of articles will not only help you understand what Vault is, but will also enable you to work with it in a production environment like a champion. Last but not least, you will be able to ace the "HashiCorp Vault Associate exam" for sure.


I personally have seen people keeping critical information like database usernames and passwords, AWS keys and tokens in plain text here and there in notepads or even on sticky notes. Of course this is convenient, but it is not at all recommended.


Considering the points covered above, there needs to be a tool that meets the following requirements:


  • Manage secrets and protect sensitive data

  • Identity-based access management

  • Generate dynamic secrets (like database credentials)

  • Open Source

And that tool is "Vault".


Vault by HashiCorp is compatible with all the major cloud providers and can be used to securely manage:


  • Usernames and passwords

  • Database credentials

  • API tokens

  • TLS certs

In addition, Vault:

  • Can generate credentials dynamically

  • Can rotate credentials

  • Keeps credentials in a centralized place and encrypts them

  • Facilitates auditing



That's it for this article. In the next one we are going to start with the real stuff. Stay tuned :-)













©2020 by Linux Advise