How long does it take to roll out Vault?
Nov 28, 2018
The technical hurdles to setting up Vault aren't very difficult. The main factor in setup time will be your team.
VP Worldwide Solutions Engineering, HashiCorp, HashiCorp
As you look to implement Vault there are a number of different considerations you have to take, and one of the big questions is how long is it going to take me to roll Vault out. There are a number of different ways that you can go about rolling Vault out.
We as an automation company prefer to automate that process. We create tools like Packer and Terraform which allow you to use immutability and ensure that you're versioning your infrastructure—which Vault is, at the end of the day, infrastructure. Terraform has a number of examples and templates for you to easily do that.
Now there are also configuration management tools like Chef, Ansible, Puppet, and Salt where there are common community-created playbooks or recipes or whatever tool you may be using to stand that up, where you can get going in a day. You can get it stood up.
You've got to start to think about what the security implications are, how you want to configure it, obviously TLS is important. Do you want to interact with the different systems in your network? It sometimes requires you to open up ports.
So a lot of rolling out Vault technically can be done in a matter of hours and days. That part's pretty easy. The part where it starts to get a bit more difficult is—because it's a secrets management solution—it's working with your networking team to open up the ports that allow you to talk to Vault. It's working with your different app teams to be able to take the secrets that they have and put them into your new secrets management system. It's working with InfoSec to check the boxes on: Is this system secure for what we're trying to do?
A lot of the challenges with rolling out Vault are not technical, it's more political and it's human. So getting ahead of those early is important—where you get all the stakeholders in a room and you say, "Is this important to us?" And if it's important to us, how do we work together to ensure when we technically roll Vault out, which is relatively easy, how do we ensure that we can actually consume it?
Is the development team ready to change their applications or to look for where the secrets may be, based on the tooling you provide? Is the operation team ready with your DR story, your HA story, your replication story so it's fit for purpose? Is the security team ready to ensure that the way that Vault is set up, the way that you access it, is in line with corporate standards?