The HashiCorp Vault Origin Story - Mitchell Hashimoto at Latency 2019
Jan 08, 2020
Hear the story of what factors in the state of security led to the creation of Vault and why Mitchell Hashimoto and his colleagues made it the way they did.
Founder & Co-CTO, HashiCorp
This isn't an "introduction to Vault" talk. It's a look at the broader picture of why Vault needed to exist, and why it was engineered in a particular way.
In his presentation "Evolving Cloud Security With Vault" at the Latency 2019 conference, HashiCorp co-founder Mitchell Hashimoto shares what factors led him to the creation of HashiCorp Vault, a secrets management, identity, and encryption platform.
From this experience you'll learn general steps for finding a problem space and designing a product.
6:41 — Attempting a cloud-first commercial offering
- Problems discovered in the first attempt:
10:50 — The security problem statement
- Search for any existing solutions - pair technical requirements with the environmental factors you must fit into
16:15 — Designing Vault
- Fix properties of existing solutions
- Inherit necessary features of category
- Examine new environment for innovation
22:14 — Building Vault
- Build some innovative features to give people an idea of what to expect
- Easy day 0 experience
Philosophically firm views for Vault
- Single source for secrets: Yes, it's a single point of failure, but it's also a single point of consistency, excellence, manageability, and observability.
- Human and machine access: Applications as well as people need access to secrets for true automation and speed.
- Practical security: Flexible enough for multiple definitions and maturity levels of security.
29:10 — Negative feedback
Learn how to find constructive feedback and employ the "submarine strategy".
35:34 — Why did Vault succeed?