Switzerland has bunkers, we have HashiCorp Vault
In this talk, Hacknowledge security engineer Christophe Tafani-Dereeper outlines the concepts you need to know to understand Vault, and demonstrates some real-world scenarios.
HashiCorp Vault is specifically designed to secure and manage all kind of secrets—from passwords to database credentials to encryption keys. Learn how it can help your organization wrangle its security holes in a number of ways.
This talk will walk through:
- Untrusted storage backends
- Authentication methods
- Sealing/unsealing processes
- Response wrapping
- Dynamically generated short-lived secrets
Building upon that, the session reviews several real-world scenarios, demonstrating how Vault can be used to implement a highly separated architecture, suitable for low-trust environments. For every scenario, you'll be put into an attacker's shoes, analyzing the potential impact on the overall architecture of a compromise in each component.
You can download the original slides here.