PostFinance on Using Terraform and Vault at Scale
Oct 18, 2019
Learn how PostFinance has been using HashiCorp Vault with HashiCorp Terraform and Kubernetes since 2017.
PostFinance, a major Swiss retail bank, recently presented two talks focused on how they’re using Terraform and Vault at scale. This was the fourth meeting of the Cloud Native meetup in Bern, Switzerland. The meetup saw over 90 participants gather together to hear from the likes of SBB, PostFinance, Berner Fachhochschule and Bespinian.
Johann Gyger, a consultant to PostFinance, provided an overview of the bank's HashiCorp Vault journey. Here are some of the stats he shared:
- Over 800K requests per day
- 100K decrypts from Puppet per day
- 3K AppRole logins per day
- 40 Kubernetes logins per day
- 30 personal logins per day
PostFinance started using HashiCorp products in 2017 and has been adding use cases ever since, including core banking, cash withdrawal, and technical integrations with other software like HashiCorp Terraform or Kubernetes.
For the future, PostFinance plans to use Vault Enterprise features like Auto Unseal, integrated with Hardware Security Modules (HSMs).
The second talk, from Christian Bürgi, a software engineer at PostFinance, covered the core use case of cash withdrawal, which next to online banking is the most important use case for any retail banking customer. Christian described the journey of moving the ATM backend to Kubernetes, which was accomplished by a small team of enthusiasts within one year from decision to go-live. Here again, Vault was used for managing secrets.
Big thanks to the Cloud Native Bern organization team. Looking forward to the next meetup with a session on HashiCorp Consul.