Demo

Building a Fast-Moving, PKI Compliance-Centered Environment at Scale with HashiCorp Vault and Consul

See how to chain tools using HashiCorp Consul for service mesh, secrets from Vault, and certificates from EJBCA via Vault plugin.

PKI and mutual TLS (mTLS) certificates are now heavily relied on, but uncontrolled certificate issuance increases the risk of severe service outages or compliance issues. Organizations are trying to combine high-velocity operations and high availability with the need for high security, controls, and compliance. These sometimes-conflicting requirements can be very hard to combine, and the outcomes of the various approaches to balancing them are not crystal clear. But there are many roads that lead to Rome. You'll need several tools in your toolbox.

In this presentation you'll see how to combine a mature and compliant PKI with the automated, rapidly changing, multi-cloud deployments in modern DevOps. By using a HashiCorp Vault plugin for EJBCA PKI, which you'll see in a short demo, you can use the same efficient tool for managing certificates that you use for all other secrets, and the result is efficient, automated, secure, controlled, and compliant certificate issuance on a large scale. You'll also see how to chain tools using HashiCorp Consul for service mesh, secrets from Vault, and certificates from EJBCA.

Key takeaways:

  • Security compliance is important
  • Compliance does not have to slow you down (a lot)
  • HashiCorp products integrate well in a compliance-centred environment
  • Automation is key for security at scale

Speaker: Tomas Gustavsson

Slides here: https://drive.google.com/file/d/1-7DfEl20a4Cd5zouzOshyASoUxo1gG_I/view

