Encryption-as-a-Service with Vault's Transit Secret Engine

Learn two methods for integrating Vault's Transit Secrets Engine into your application using the HVAC Python library for code-level integration or through the Vault API with the Requests Python library.

Security and encryption should always be the number one priority when dealing with user data. With the amount of data companies get daily, storing it encrypted should always be the default standard. This prevents anyone, even users handeling the data, the abilty to see any confidential information.

Using Vault's Transit Secrets Engine essentially removes the burden of having to integrate encryption in their code from developers. Developers can now focus on writing quality code and let Vault handle the encryption. Transmit provides multiple types of encryption including AES-256, RSA-4096, etc.

What You'll Learn

This demo will go through standing up the Transit Secrets Engine in Vault and demo a full workflow of how developers can integrate Transit into their code through the HVAC Python Library or directly through the Vault API with the Requests Python Library.

After this session, attendees will have insight on how to incorporate this workflow into their current applications.

Slides and GitHub Repo

Find the slides and demo code for this talk in this GitHub repo

More resources like this one

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 1/20/2023
  • Case Study

Adopting GitOps and the Cloud in a Regulated Industry