Walk through this example company's pipeline that uses authentication mechanisms (AppRole, AWS), Vault policies, and secret backends (KV, AWS, SSH) to build secure and auditable delivery.
Many teams still use hard-coded static credentials in their delivery pipelines to authenticate to cloud providers or to connect to target servers over SSH. Most of the time the problem goes unaddressed because there seems to be no easy solution, yet a long-lived credential embedded in a pipeline is a critical security exposure: anyone who can read the pipeline configuration or its logs can reuse it, and it is rarely rotated.
The aim of this talk is to show how delivery pipelines can be secured in a unified way across any number of cloud providers by implementing the principle of least privilege with HashiCorp Vault. It also underlines key benefits of using Vault, such as a unified security policy and centralized audit logging (think of Vault as an identity broker for all of your secrets management workflows).
The talk looks at an example company that needs to deploy infrastructure to its private cloud and to multiple AWS accounts. The example combines authentication methods (AppRole, AWS), Vault policies, and secrets engines (KV, AWS, SSH; formerly called secret backends) to build a secure and auditable delivery pipeline.
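To make the combination described above concrete, here is an added example (written for this page, not the speaker's own configuration) of how such a pipeline identity could be wired up in Vault using the Terraform Vault provider. It is a constructed illustration: the role names, mount paths, account IDs, ARNs, CIDRs and TTLs are placeholders, and the AWS secrets engine is assumed to pick up credentials from the instance Vault runs on rather than from a stored root key. The intent is to show the least-privilege shape: runners in the private cloud log in with AppRole, runners inside AWS log in with their IAM identity, and both land on one policy that permits exactly the paths the pipeline needs.

```hcl
# Constructed example: names, paths, ARNs and CIDRs are placeholders.

resource "vault_auth_backend" "approle" {
  type = "approle"
}

# Private-cloud runners authenticate with AppRole. A single-use, short-lived,
# CIDR-bound SecretID limits what a leaked SecretID is worth.
resource "vault_approle_auth_backend_role" "deploy" {
  backend               = vault_auth_backend.approle.path
  role_name             = "deploy-pipeline"
  token_policies        = [vault_policy.deploy_pipeline.name]
  secret_id_ttl         = 600
  secret_id_num_uses    = 1
  secret_id_bound_cidrs = ["10.20.0.0/24"]
  token_ttl             = 900
  token_max_ttl         = 1800
}

resource "vault_auth_backend" "aws" {
  type = "aws"
}

# Runners inside AWS authenticate with their IAM role identity; no credential
# is stored in the pipeline at all.
resource "vault_aws_auth_backend_role" "deploy" {
  backend                  = vault_auth_backend.aws.path
  role                     = "deploy-pipeline"
  auth_type                = "iam"
  bound_iam_principal_arns = ["arn:aws:iam::111122223333:role/ci-runner"]
  token_policies           = [vault_policy.deploy_pipeline.name]
  token_ttl                = 900
  token_max_ttl            = 1800
}

# KV v2 for the few static values the pipeline still needs (e.g. registry URLs).
resource "vault_mount" "kv" {
  path    = "secret"
  type    = "kv"
  options = { version = "2" }
}

# AWS secrets engine: root credentials omitted here, so Vault uses the IAM
# credentials of the host it runs on (assumption for this example).
resource "vault_aws_secret_backend" "aws" {
  path                      = "aws"
  default_lease_ttl_seconds = 900
  max_lease_ttl_seconds     = 3600
}

# Each deployment gets fresh STS credentials by assuming a role in the target
# account; they expire with the lease instead of living in the pipeline.
resource "vault_aws_secret_backend_role" "deploy_prod" {
  backend         = vault_aws_secret_backend.aws.path
  name            = "deploy-prod"
  credential_type = "assumed_role"
  role_arns       = ["arn:aws:iam::444455556666:role/vault-deploy"]
}

# SSH CA: the pipeline presents its public key and receives a short-lived
# certificate for the "deploy" user instead of holding a long-lived private key
# that every target server trusts.
resource "vault_mount" "ssh" {
  path = "ssh"
  type = "ssh"
}

resource "vault_ssh_secret_backend_ca" "ca" {
  backend              = vault_mount.ssh.path
  generate_signing_key = true
}

resource "vault_ssh_secret_backend_role" "deploy" {
  backend                 = vault_mount.ssh.path
  name                    = "deploy"
  key_type                = "ca"
  allow_user_certificates = true
  allowed_users           = "deploy"
  default_user            = "deploy"
  ttl                     = "30m"
  max_ttl                 = "1h"
  default_extensions      = { "permit-pty" = "" }
}

# Least privilege: exactly the paths the pipeline needs and nothing else.
# "read" on aws/creds issues credentials; "update" on ssh/sign signs a key.
resource "vault_policy" "deploy_pipeline" {
  name   = "deploy-pipeline"
  policy = <<EOT
path "secret/data/pipeline/*" { capabilities = ["read"] }
path "aws/creds/deploy-prod"  { capabilities = ["read"] }
path "ssh/sign/deploy"        { capabilities = ["update"] }
path "auth/token/renew-self"  { capabilities = ["update"] }
path "sys/leases/revoke"      { capabilities = ["update"] }
EOT
}
```

At run time a pipeline job logs in (AppRole or AWS IAM), reads its KV values, requests `aws/creds/deploy-prod`, has its SSH public key signed at `ssh/sign/deploy`, and revokes its leases when the job ends. Every one of those calls is recorded in Vault's audit log under the same role identity, which is what gives the pipeline the centralized audit trail the talk highlights; the policy denies everything else, so a compromised runner cannot reach other accounts' roles or other teams' KV paths.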
Speaker: Vincent Poilvert