Are you still giving your applications long-lived static database credentials? Learn how Vault can make dynamic credentials a viable, more secure alternative.
Applications are always going to be leaky intstances where attackers will often find creative ways to obtain credentials and other secrets (API keys, certificates, etc.). Managing secrets in a central repository is a great first step toward mitigating threats, but it's not enough.
Because generating certificates is a slow, burdensome process, many organizations will maintain certificates that are valid for years, floating around their systems in plaintext, without any means to revoke them easily if their data is breached.
Frequent credential rotation (Dynamic Secrets) is the best protection against the majority of network intrusions where attackers often have valid credentials to move towards sensitive data. But how do you make rotation simple and automated?
In this Solutions Engineering Hangout session, Thomas Kula, a solutions engineer at HashiCorp, will demo how to use HashiCorp Vault to deliver dynamic database credentials in an easy, automated manner. He'll also discuss why dynamic secrets make sense as more architectures become service oriented.
0:00 — Intro to dynamic secrets and why you should use them
5:50 — Demo: Securing databases with dynamic credentials with Vault - (GitHub Repo)
24:25 — Q&A