Secrets management across Microservices with HashiCorp Vault
Submitted by Bharadwaj Embar (@bharadwajrembar) on Monday, 1 April 2019
Section: Full talk
Technical level: Intermediate
In today’s world of web-scale applications, secrets management is a daunting task and is often overlooked until the product is evaluated for compliance certifications. This overhead usually falls on the Execution Platform team, as rotation of secrets must also ensure that there is no downtime in the product. The secrets involved range from key/value pairs to cloud access credentials, data store access credentials, encrypted data in transit, etc.
At this rate, how does a team scale secrets management and stay compliant?
Enter HashiCorp Vault. In this talk, using a custom-built application as an example, we will look at how we can leverage Vault in various domains of access control, the challenges behind scaling various secret engines to fit our application’s needs, the challenges behind ensuring an HA cluster, and idiomatic practices.
What is secrets management and why does everyone need to implement it as early as possible?
Why not just use a key store for all secrets?
What does HashiCorp Vault bring to the table?
Demo: Generating secrets for an application using Vault (KV, AWS and PostgreSQL)
Patterns to Access Vault
Operational challenges of an HA Setup
There are no requirements. This is for participants who are looking to evaluate/implement secrets management and consider HashiCorp Vault as a prime candidate.
Bharadwaj is an MTS/Platform Engineer for Nutanix BEAM. A big fan of Open Source and related talks/technologies. Loves to hack open and question everything.