Call for round the year submissions for Rootconf in 2019

Submit a proposal at any time in the year on DevOps, infrastructure security, cloud, and distributed systems. We will find you a suitable opportunity to share your work.

Propose a session

Secrets management across Microservices with HashiCorp Vault

Submitted by Bharadwaj Embar (@bharadwajrembar) on Monday, 1 April 2019

Section: Full talk Technical level: Intermediate

Abstract

In today’s world of web scale applications, secrets management is a daunting task and is often overlooked, until the product is evaluated for Compliance certifications. Often times, this overhead usually falls on the Execution Platform team as rotation of secrets must also ensure that there is no downtime in the product. The kind of secrets can range from key/value pairs, cloud access credentials, data store access credentials, encrypted data in transit, etc.

At this rate, how does a team scale secrets management and stay complaint?

Enter HashiCorp Vault. In this talk, using a custom built application as an example, we will be looking at how we can leverage Vault in various domains of access control, the challenges behind scaling various secret engines to fit our application’s need, the challenges behind ensuring an HA cluster and idiomatic practices.

Outline

What is secrets management and why everyone needs to implement it as early as possible?
Why not just use a key store for all secrets?
What does HashiCorp Vault bring to the table?
Demo: Generating secrets for an application using Vault (KV, AWS and PostgreSQL)
Patterns to Access Vault
Operational challenges of an HA Setup
Idiomatic Practices

Requirements

There are no requirements. This is for participants who are looking to evaluate/implement secrets management and consider HashiCorp Vault as a prime candidate.

Speaker bio

Bharadwaj is an MTS/Platform Engineer for Nutanix BEAM. A big fan of Open Source and related talks/technologies. Loves to hack open and question everything.

Links

Comments

Login with Twitter or Google to leave a comment