Secure Your Multi-Cloud Delivery Pipeline with HashiCorp Vault

Walk through this example company's pipeline that uses authentication mechanisms (AppRole, AWS), Vault policies, and secret backends (KV, AWS, SSH) to build secure and auditable delivery.

Many teams are still using hard-coded static credentials in their delivery pipelines to authenticate to cloud providers, or to connect on target servers using SSH. Most of the time, the problem is not addressed because there does not seem to be an easy solution, meanwhile it creates a critical security threat.

The aim of this talk is to show how delivery pipelines can be secured in a unified way across any number of different cloud providers, by implementing the principle of least privilege with HashiCorp Vault. It will also underline key benefits of using Vault, like unified security policy and centralized audit logging (think of it as an identity-broker for your all of your secrets management motions).

What You'll Learn

This talk will look at an example company that needs to deploy infrastructure to its private cloud, and to multiple AWS accounts. This example will combine authentication mechanisms (AppRole, AWS), Vault policies, and Secret Backends (KV, AWS, SSH) to build a secure and auditable delivery pipeline.

Key takeaways

  • Delivery pipelines using static secrets with high privileges are a critical security threat
  • The principle of least privilege can be implemented in multi-cloud environments
  • Vault provides unified security policy and audit log

Speaker: Vincent Poilvert

More resources like this one