Fighting secrets sprawl with HCP Vault Secrets

Every modern IT organization needs to centrally manage the passwords, tokens, keys, credentials, and certificates that their applications use to access other resources. They need secrets management, and for that, HCP Vault Secrets is the easiest onramp to security lifecycle management in the cloud done right.

Secrets scattered across environments with no central management or secure storage is a recipe for disastrous breaches. This introduction to HCP Vault Secrets shows how a simple SaaS can solve this problem with very little friction for your teams, even if they already use their own secrets management solutions like AWS Secrets Manager, Azure Key Vault, Google Cloud Secret Manager, GitHub Repository Actions, or Vercel Projects.

0:00 - Introduction to HCP Vault Secrets

0:20 - Navigating the HashiCorp Cloud Platform (HCP)

0:42 - Identifying a secret in the code of a web application

1:00 - Launching the web app by running server.go

1:35 - Secrets import to HashiCorp Vault with a drag-and-drop secrets import

2:02 - Inspecting the import audit logs

2:22 - Updating the web app source code so it now uses a secret managed in Vault

3:08 - Using the secret sync functionality to sync with GitHub secret storage

More resources like this one

  • 4/11/2024
  • FAQ

Introduction to HashiCorp Vault

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones