Case Study

Vault Fastly Secret Engine Design and Integration

In this talk, engineers Ling Zhang and Shawn Bower show how they use Vault for securing their Fastly CDN layer at The New York Times.


  • Ling Zhang
    Ling ZhangSoftware Developer, New York Times

The NYT has many services, each with many tokens. Managing a large amount of static tokens has become a burden. In order to address this they found a way to generate dynamic short lived tokens using HashiCorp Vault.

Vault provides this functionality for GCP, AWS, and other cloud services, so they created a plugin that would do this for Fastly. This talk walks through how Fastly tokens are stored and used, and how they migrated to dynamic secrets. It also walks through how they developed the Vault plugin to do this with a short demo.

This talk was part of the first HashiTalks online event—A 24-hour continuous series of presentations from the worldwide HashiCorp User Group (HUG) community and from HashiCorp engineers as well. The event took place from February 21-22, 2019.

Check out your local chapter or start a new one here.

More resources like this one