Presentation

The HashiCorp Vault Origin Story - Mitchell Hashimoto at Latency 2019

Hear the story of what factors in the state of security led to the creation of Vault and why Mitchell Hashimoto and his colleagues made it the way they did.

Speakers

  • Mitchell Hashimoto, Co-founder, HashiCorp

This isn't an introduction to Vault talk. It's a look at the broader picture of why Vault needed to exist, and why it was engineered in a particular way.

In his presentation "Evolving Cloud Security With Vault" at the Latency 2019 conference, HashiCorp co-founder Mitchell Hashimoto shares what factors led him to the creation of HashiCorp Vault, a secrets management, identity, and encryption platform.

From this experience you'll learn general steps for finding a problem space and designing a product.

Outline

6:41 — Attempting a cloud-first commercial offering

  • Problems discovered in the first attempt:
    1. Provisioning
    2. Service discovery
    3. Scheduling
    4. Security (didn't anticipate this, never intended to solve it) — specifically secrets management and data encryption

10:50 — The security problem statement

  • Search for any existing solutions - pair technical requirements with the environmental factors you must fit into

16:15 — Designing Vault

  1. Fix properties of existing solutions
  2. Inherit necessary features of category
  3. Examine new environment for innovation

22:14 — Building Vault

  • Build some innovative features to give people an idea of what to expect
  • Easy day 0 experience

Philosophically firm views for Vault:

  • Single source for secrets: Yes, it's a single point of failure, but it's also a single point of consistency, excellence, manageability, and observability.
  • Human and machine access: Applications as well as people need access to secrets for true automation and speed.
  • Practical security: Flexible enough for multiple definitions and maturity levels of security.

29:10 — Negative feedback

Learn how to find constructive feedback and employ the "submarine strategy".

35:34 — Why did Vault succeed?
