Wednesday, December 9, 2015

How to keep secrets with Vault

A tool for managing secrets.
  1. Knowledge
    1. Vault is a data-store for your infrastructure's tokens, passwords, certificates, API keys, and generally all things secret.
  2. Strategy
    1. Installation
      1. Download and install the binary.
    2. Configuration
      1. A config file is loaded with the Vault CLI -config flag.
      2. Two fields are required, Backend and Listener.
        1. Backend is where the Vault data is stored.
        2. Listener is where Vault receives API requests.
  3. Execution
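
The two required fields from the Configuration step, written out as an added example (this is not the configuration from the original post). The Consul backend, the addresses and the certificate paths are assumed placeholder values; the commented-out listener shows the TLS-disabled variant beside the TLS-enabled one.

```hcl
# config.hcl -- loaded with: vault server -config=config.hcl
# All addresses and paths below are placeholders (assumptions for this example).

# Backend: where the Vault data is stored.
# Vault encrypts data before writing it to the backend, but the backend
# should still be reachable only from the Vault host.
backend "consul" {
  address = "127.0.0.1:8500"
  path    = "vault"
}

# Listener: where Vault receives API requests.

# Weak variant (kept as a comment for comparison): with tls_disable set,
# tokens and secrets cross the network in plaintext, so anyone who can
# observe traffic to port 8200 can read them.
#
# listener "tcp" {
#   address     = "127.0.0.1:8200"
#   tls_disable = 1
# }

# TLS-enabled variant: requires a certificate and private key on disk.
listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"   # placeholder path
  tls_key_file  = "/etc/vault/tls/vault.key"   # placeholder path

  # Refuse anything older than TLS 1.2. This option is only recognised by
  # Vault releases that support tls_min_version; drop the line otherwise.
  tls_min_version = "tls12"
}
```

With TLS enabled, clients reach the server through an `https://` address in `VAULT_ADDR`, and the key file should be readable only by the account that runs Vault.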

3 comments:

  1. Is it safe to disable TLS like that?

  2. Probably not as safe as using it in addition to SSL, but this is just a port from HashiCorp's provided example. I could remove that field, but then would need to include all the key information. Good catch, this configuration could be made even more secure by enabling TLS.

    1. After further reading, it looks like TLS v1.2 is becoming the standard as a replacement to SSL v3.0. Seems I may have to use it, as opposed to SSL.
