Webinar

Vault 1.2: Database Credential Rotation and Identity Tokens

Sep 19, 2019

In this webinar, HashiCorp demos two features from the recently released Vault 1.2: Static credential rotation with the upgraded database secrets engine and Vault-native HA storage.

Speakers

  • Justin Weissig

    Justin Weissig

    Vault Technical Marketing, HashiCorp

Vault 1.2, which was released a few weeks after being previewed at HashiConf EU, introduces several useful new features including:

  • The ability to mint OIDC-compliant JWT tokens tied to Vault identities
  • An upgrade to the database secrets engine making it easier for applications with static user accounts to use Vault to auto-rotate those secrets with no code changes.
  • A tech preview for Vault-native high availability storage (no more requirement for Consul or any backend store)
  • A KMIP server secret engine in Vault Enterprise

These features further improve Vault’s ability to automate secrets management, encryption as a service, and privileged access management.

Join Vault technical marketer Justin Weissig as he demos two of Vault 1.2's new features:

  • Static credential rotation with the upgraded database secrets engine
  • Raft-based, Vault-native high availability storage [tech preview]

» Outline

0:00 — Brief introduction to HashiCorp Vault

4:42 — Demo: Static credential rotation with the upgraded database secrets engine

16:56 — Demo: Raft-based, Vault-native high availability storage

22:18 — Overview of creating OIDC-compliant JWT tokens tied to Vault identities

26:30 — Q&A

» Q&A

  • How do you migrate from a Consul backend to this new Vault integrated storage?

  • For the Raft integrated storage: Do you have auto-unseal on a node restart or does it need to be done separately?

  • With Raft, is there the concept of ACLs like there is in Consul. In production we lock down access to the Vault path using ACL tokens.

  • Does Vault offer a snapshot agent similar to Consul for its new integrated storage?

To learn more about these features, visit our HashiCorp Learn tracks on Vault 1.2.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×