
Keybase Vault Auto-Unseal

In this talk, learn how to automatically unseal Vault clusters within a Keybase team.

When you want to automate the unsealing of your on-premises Vault clusters, how can you securely distribute Shamir unseal keys to the team so you can unseal your Vault while on call?

What You'll Learn

The example demo uses Keybase.io in an automated Vault-on-Consul cluster, built in an Ansible/Vagrant environment for teaching and practice.

  • Vagrant (tested on Mac)
  • Consul OSS
  • Vault OSS
  • Keybase (vault operator init, vault unseal, KBFS)
  • Ansible (Brian Shumate's roles, custom roles)
  • Packer (work in progress)
