Zero-Touch Machine Secret Access with Vault

Learn a method for automating machine access using HashiCorp Vault's TLS auth method with Step CA as an internal PKI root.

Humans can easily log in to Vault with a variety of credential types to retrieve secrets, API tokens, and ephemeral credentials for a variety of systems. What about your servers, though? Whether you run in a bare-metal environment, a multi-cloud distributed architecture, or even just a handful of virtual machines in a lab setting, the odds are that your machines need access to Vault as well.

What You'll Learn

In this session, Backblaze SRE Michael Aldridge examines the first-secret (or "secret zero") problem, looking for a vendor-neutral solution. He ultimately recommends using DNS and the Automatic Certificate Management Environment (ACME), but run privately rather than against a public CA. In the second half of the talk, he demonstrates setting up an ACME-capable certificate authority with Step CA as an internal PKI root, and then integrating it with HashiCorp Vault using Vault's TLS certificate auth method.
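As an added example (not from the talk or from either project), here is one way to express the integration described above with the Terraform Vault provider: enable Vault's TLS certificate auth method, trust only leaf certificates that chain to the internal Step CA root, and restrict logins to DNS-named machine identities with a least-privilege, per-machine policy. The root file path, the `prod.internal` zone and the `machine-base` policy name are assumptions.

```hcl
# Added example, not the talk's own configuration. Assumes the HashiCorp
# Terraform Vault provider. "step_ca_root.crt", "prod.internal" and
# "machine-base" are placeholders for your own PKI root, DNS zone and policy.

# Enable the TLS certificate auth method at auth/cert.
resource "vault_auth_backend" "cert" {
  type = "cert"
  path = "cert"
}

# One role for machines: a login succeeds only if the client certificate
# chains to the Step CA root AND carries a DNS SAN inside the machine zone.
# Certificates issued by Step CA's ACME provisioner are short-lived, so the
# machine re-enrolls via ACME and simply logs in again with the fresh cert.
resource "vault_cert_auth_backend_role" "machines" {
  backend          = vault_auth_backend.cert.path
  name             = "machines"
  certificate      = file("${path.module}/step_ca_root.crt") # Step CA root (assumed path)
  allowed_dns_sans = ["*.prod.internal"]                       # DNS-based machine identity
  token_policies   = ["machine-base"]                          # least-privilege policy (assumed name)
  token_ttl        = 3600                                      # short-lived Vault tokens
  token_max_ttl    = 14400
}

# Per-machine scoping: the cert auth alias name is the client certificate's
# common name, so each host can read only its own secret subtree.
resource "vault_policy" "machine_base" {
  name   = "machine-base"
  policy = <<-EOT
    path "secret/data/machines/{{identity.entity.aliases.${vault_auth_backend.cert.accessor}.name}}/*" {
      capabilities = ["read"]
    }
  EOT
}
```

A host then authenticates with its ACME-issued key pair (for example `vault login -method=cert -client-cert=host.crt -client-key=host.key name=machines`) and receives a token bound to the `machine-base` policy; no long-lived secret is ever provisioned onto the machine.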
