Secure Cloud API Access with HashiCorp Vault
Jan 28, 2020
HashiCorp Solutions Engineer Sean Carolan introduces Vault in the first half of this DevOpsDays Austin talk, and gives a live Instruqt demo in the second half.
- Sean CarolanSolutions Engineer, HashiCorp
Looking for the most basic way to learn the concepts of cloud security and secrets management? Check out this talk and demo from DevOpsDays Austin introducing HashiCorp Vault and the concepts of dynamic secrets.
What the Open Source Version of Vault Can Do
Vault doesn't just store and propagate existing, static secrets in a secure manner. It also has the ability to generate credentials from AWS, GCP, Azure, or databases like MySQL, MongoDB, and PostgreSQL. It can generate secrets for a number of other infrastructure components like service discovery, message queues, and more.
Vault can also revoke and give credentials a lifespan, making it impossible for an attacker to carry out a long-term hack even if they manage to get credentials.
The Demo: AWS Dynamic Secrets with Vault
This demo shows exactly how to set up dynamic Vault credentials in the cloud (same workflow works for GCP, Azure, and Active Directory too) with only the necessary privileges. Try out the interactive demo-lesson for yourself: AWS Dynamic Secrets with Vault on Instruqt