Everyone is talking about the microservices architecture and how Docker can help DevOps deploy services. Docker is often mentioned in conjunction with cluster managers like Kubernetes, Marathon or Fleet. But what about the secrets? The current trend increases the number of secrets required to run our services, which places a new level of maintenance on our security teams. How can we share and manage the secrets (certificates, passwords, keys) for our services in this kind of dynamic scenario, where instances are started automatically and where there are multiple instances of the same service for scalability reasons? Are you keeping up?
Come to this session to see how you can manage your secrets with Vault and make security a first-class citizen in the development process.
13-20. VAULT FEATURES
Secure Secret Storage
Dynamic Secrets
Data Encryption
Leasing, Renewing, Revocation
Auditing
ACL
Multiple Authentication Methods
REST API
alexsotob lordofthejars
21. SECURE SECRET STORAGE
22. LET'S SEE IN ACTION
25. NEED YOUR HELP
26-29. APP ID
Random Unique Chunk
Unique to Application (aka Service)
Generated by Operator
Stored in Configuration Management
30-32. USER ID
Intrinsic Properties
Unique to Instance
Generated by Cloud Init Script
34. LOGIN EACH SERVICE WITH TUPLE {APPID, USERID}
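Added example, not part of the original slides: the login with the {APP ID, USER ID} tuple from slides 26-34, written against the HTTP login endpoint of Vault's App ID auth backend (HashiCorp later deprecated this backend in favour of AppRole). Deriving the USER ID as a SHA-256 hash over an instance ID and MAC address is an assumption, as are the constructed sample responses; the operator must already have mapped that USER ID to the APP ID in Vault.

```python
import hashlib
import json
import urllib.error
import urllib.request

# Constructed sample responses in the shape Vault returns from a login call.
SAMPLE_OK = (b'{"auth": {"client_token": "constructed-token", '
             b'"policies": ["billing-ro"], "lease_duration": 3600}}')
SAMPLE_DENIED = b'{"errors": ["invalid user ID or app ID"]}'


def user_id_from_instance(instance_id: str, mac: str) -> str:
    """USER ID from intrinsic instance properties (assumption: instance ID and
    MAC address, hashed). A cloud-init script would compute this at boot."""
    return hashlib.sha256(f"{instance_id}|{mac.lower()}".encode()).hexdigest()


def build_login_request(vault_addr: str, app_id: str, user_id: str):
    """POST the {APP ID, USER ID} tuple to the App ID login endpoint."""
    body = json.dumps({"app_id": app_id, "user_id": user_id}).encode()
    return urllib.request.Request(
        vault_addr.rstrip("/") + "/v1/auth/app-id/login",
        data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


def parse_login_response(raw: bytes) -> dict:
    """Return the token and lease, or raise if Vault rejected the tuple."""
    doc = json.loads(raw)
    if doc.get("errors"):
        raise PermissionError("; ".join(doc["errors"]))
    auth = doc.get("auth") or {}
    if not auth.get("client_token"):
        raise ValueError("login response carries no client_token")
    return {"token": auth["client_token"],
            "policies": auth.get("policies", []),
            "lease_seconds": auth.get("lease_duration", 0)}


def login(vault_addr: str, app_id: str, user_id: str) -> dict:
    """Perform the login against a live Vault (not exercised offline)."""
    try:
        with urllib.request.urlopen(
                build_login_request(vault_addr, app_id, user_id), timeout=5) as r:
            return parse_login_response(r.read())
    except urllib.error.HTTPError as err:  # 4xx bodies carry the "errors" list
        return parse_login_response(err.read())
```

The returned token is itself a leased secret: keep it in memory, and renew or re-login before lease_seconds elapses.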