Learn a method for automating machine access using HashiCorp Vault's TLS auth method with Step CA as an internal PKI root.
Humans can easily log in to Vault with a variety of credential types to retrieve secrets, API tokens, and ephemeral credentials for a variety of systems. What about your servers, though? Whether you run in a bare-metal environment, a multi-cloud distributed architecture, or just a handful of virtual machines in a lab setting, the odds are that your machines need access to Vault as well.
In this session, Backblaze SRE Michael Aldridge examines the first-secret (or "secret zero") problem, looking for a vendor-neutral solution. He ultimately recommends using DNS and the Automatic Certificate Management Environment (ACME), but run privately. In the second half of the talk, he shows how to set up an ACME-capable certificate authority with Step CA as an internal PKI root, and then how to integrate it with HashiCorp Vault using Vault's TLS auth method.
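The integration the talk describes, as an added example rather than the speaker's own scripts: a Step CA initialised with an ACME provisioner, a machine obtaining its certificate from that private ACME endpoint, and Vault's cert auth method configured to trust only the Step CA root and only certificates whose CN matches the role. The `step` and `vault` binaries, the role name `machines`, the policy `machine-base`, the `internal.example` domain and the `/etc/machine/tls.*` paths are all assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the talk): Step CA as private ACME root -> Vault TLS cert auth.
# Assumes `step` and `vault` are installed, VAULT_ADDR/VAULT_TOKEN are set, and the
# machine's ACME-issued cert will live at /etc/machine/tls.{crt,key}.
set -eu

ROLE_NAME="machines"                                    # cert-auth role name (assumption)
CN_PATTERN="*.internal.example"                         # CNs the role accepts (placeholder domain)
ROOT_CA="${STEPPATH:-$HOME/.step}/certs/root_ca.crt"    # where `step ca init` writes the root

# 1. Internal ACME-capable CA (run once, on the CA host). --acme adds an ACME provisioner.
init_step_ca() {
  step ca init --acme --name "Internal Root" --dns ca.internal.example \
    --address ":9000" --provisioner "admin@internal.example"
}

# 2. On each machine: obtain a leaf certificate from the private ACME endpoint.
#    Only a DNS name and network reachability are needed; no shared secret is shipped.
issue_machine_cert() {
  fqdn="$1"
  step ca certificate --provisioner acme "$fqdn" /etc/machine/tls.crt /etc/machine/tls.key
}

# 3. Vault side: trust ONLY the Step CA root and constrain which CNs may log in.
configure_vault_cert_auth() {
  vault auth enable cert
  vault write "auth/cert/certs/${ROLE_NAME}" \
    display_name="$ROLE_NAME" \
    certificate=@"$ROOT_CA" \
    allowed_common_names="$CN_PATTERN" \
    token_policies="machine-base" \
    token_ttl=1h token_max_ttl=24h
}

# 4. The machine logs in with its ACME certificate; the short-lived Vault token is
#    the first secret, and it never had to be pre-provisioned.
machine_login() {
  vault login -method=cert -client-cert=/etc/machine/tls.crt \
    -client-key=/etc/machine/tls.key name="$ROLE_NAME"
}

# Local mirror of the role's CN glob check so a pattern can be sanity-tested before
# certificates are cut (Vault performs the authoritative check server-side).
cn_allowed() {
  cn="$1"; pattern="$2"
  # shellcheck disable=SC2254  # unquoted glob is intentional
  case "$cn" in $pattern) return 0 ;; *) return 1 ;; esac
}
```

Run the functions in order on the respective hosts: `init_step_ca` on the CA, `configure_vault_cert_auth` once against Vault, then `issue_machine_cert "$(hostname -f)"` and `machine_login` on each machine.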