Managing Vault with Terraform
Feb 27, 2020
Learn how to setup Vault via the Terraform Vault provider and see what it looks like to make ongoing changes to Vault through Git using Terraform.
HashiCorp Vault is a tool that can store and manage secrets—including tokens, passwords, certificates, etc. On-top of this, Vault needs to be managed, which means there needs to be a person or team responsible for setting up Authentication Methods, Policies, and Secrets Engines.
Even though everything in Vault can be setup manually and through the UI, CLI, or API, this talk will show you how to use Terraform and the infrastructure-as-code mindset to setup all the features of Vault via the Terraform Vault provider. Using the provider, teams can now setup all aspects of Vault through code and let Terraform setup the configuration. This allows teams to have a repeatable infrastructure in case teams need to stand up a replica Vault cluster for testing.
Another benefit of using Terraform and storing this code in version control is that it allows all Vault administrators to have full insight into any changes to Vault. Any change becomes a pull request and gets reviewed by the administrators of Vault.
» What You'll Learn
This demo will go through the full configuration of a Vault cluster using Terraform's Vault provider. You'll get to see what it would look like for an administrator to make a change in Vault through Git with an infrastructure-as-code mindset.
» Demo Repo
You can find the GitHub repository for this demo here