Day[37/100] #100DaysOfCloud – Jonnychipz – Hashicorp Vault

Today I spent an hour looking at the features of Hashicorp’s ‘Vault’ product.

As I’m looking at the whole Infrastructure as Code route with Hashicorp Terraform I thought it might be a good idea to take a look at their secrets management platform ‘Vault’.

I was lucky enough to have been taken through a demo of the feature sets of Vault by two Hashicorp staff members who did a fantastic job outlining the architecture of the product and its use cases.

Hashicorp Learning modules: https://learn.hashicorp.com/vault

Vault Structure:

  • Built as an API-first product, accessible via CLI or User Interface
  • Includes Namespaces for multitenancy-type deployments (Enterprise Feature)
  • Supports multiple Authentication Providers (Cloud Providers, Kerberos, Local)
  • Authorisation Policies: ACLs that determine the level of authorisation, and Sentinel Policies (Enterprise Feature) that govern how you can use Vault.
  • Vault is built on secrets engines that cover various scenarios and encryption requirements, such as: Static Secrets, Dynamic Secrets (covering SSH, PKI, DB and Cloud), and also Transit Encryption.

[Image: Vault Triangle]

Really interesting concept for a cloud-agnostic secrets management system that I am considering using as part of Operations IaC development, i.e. for storing any IaC secrets for deployment and client keys for authentication to cloud services, as well as looking at PKI management.
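
To make the ACL policy and secrets engine points concrete for the IaC use case above, here is an over-broad policy beside a least-privilege one. This is an added example, not from the demo or from Hashicorp; it assumes the mount points secret/ (KV version 2), aws/, transit/ and pki/, and the role, key and path names are hypothetical.

```hcl
# Added example. Mount points (secret/, aws/, transit/, pki/) and the names
# iac, terraform-deploy, iac-state and internal-tls are assumptions.
# The two policies below would normally live in separate policy files.

# --- Policy A, too broad: full control of every path on every mount ---
path "*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

# --- Policy B, scoped for a Terraform deployment pipeline ---

# Static secrets (KV v2): read-only access to the IaC subtree.
path "secret/data/iac/*" {
  capabilities = ["read"]
}

# KV v2 lists keys under metadata/, not data/.
path "secret/metadata/iac/*" {
  capabilities = ["list"]
}

# Dynamic cloud credentials: request short-lived AWS keys for one role only.
path "aws/creds/terraform-deploy" {
  capabilities = ["read"]
}

# Transit: encrypt with one named key; no decrypt and no key management.
path "transit/encrypt/iac-state" {
  capabilities = ["update"]
}

# PKI: issue certificates from one role only.
path "pki/issue/internal-tls" {
  capabilities = ["create", "update"]
}

# An explicit deny takes precedence over any other grant on the same path,
# including grants from another policy attached to the same token.
path "secret/data/iac/prod/*" {
  capabilities = ["deny"]
}
```

Anything not named in a policy is denied by default, so Policy B needs no further rules to keep the pipeline token away from other teams' secrets or from Vault's own sys/ endpoints.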

Hashicorp have developed a great set of learning resources on their web site that I would highly recommend taking a look at.

100DaysOfCloud Overview

My Main ReadMe Page is all set up with a bit about me!

The guys at 100DaysofCloud have set up the GitHub repo to be cloned and also have a great repo containing ideas and areas to collaborate on: https://github.com/100DaysOfCloud/100DaysOfCloudIdeas

My Github Journey tracker can be found here: https://github.com/jonnychipz/100DaysOfCloud

Please Watch/Star my repo and feel free to comment or contribute to anything I push! I really look forward to hearing from anyone who is going to jump on the journey around the same time as me! Let’s see where I get to in 100 days!

I would encourage others to jump on this journey, I’m not sure that I will be able to commit every day for 100 days, but as long as I can complete 100 days that will be great!

http://www.100daysofcloud.com
