Zero-Touch Machine Secret Access with Vault
Learn a method for automating machine access using HashiCorp Vault's TLS auth method with Step CA as an internal PKI root.
Humans can easily log in to Vault with a variety of credential types and retrieve secrets, API tokens, and ephemeral credentials for many other systems. What about your servers, though? Whether you run on bare metal, in a multi-cloud distributed architecture, or just a handful of virtual machines in a lab, the odds are that your machines need access to Vault as well, and there is no human at the keyboard to type a password for them.
» What You'll Learn
In this session, Backblaze SRE Michael Aldridge examines the first-secret (or "secret zero") problem: how a machine proves its identity to Vault before it holds any credential that Vault issued. He looks for a vendor-neutral solution and ultimately recommends using DNS and the Automatic Certificate Management Environment (ACME) protocol, run privately against an internal CA rather than a public one. In the second half of the talk, he shows how to set up an ACME-capable certificate authority with Step CA as an internal PKI root, and then how to integrate it with HashiCorp Vault using Vault's TLS certificate auth method, so that a machine authenticates to Vault with the certificate it obtained over ACME.
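The pieces of that setup, as an added shell example that is not code from the talk or from the Step or Vault projects: one script with a subcommand per host role (CA, machine, Vault admin). Every hostname, path, role and policy name in it is an assumed placeholder (ca.internal.example, web01.internal.example, the cert-auth role web-servers, the policy web-secrets, files under /etc). It goes one step beyond the talk description by pinning the Vault role to a DNS SAN pattern rather than trusting every certificate the internal root signs.

```shell
#!/bin/sh
# Added example, not from the talk or the Step/Vault projects.
# Bootstrap an internal ACME CA with step-ca, issue a host certificate over
# ACME, then bind that certificate to a Vault policy via the TLS cert auth method.
# All names and paths below are assumed placeholders.
set -eu

CA_NAME="${CA_NAME:-Internal Root}"
CA_DNS="${CA_DNS:-ca.internal.example}"           # assumed CA hostname
CA_URL="https://${CA_DNS}"
CA_FINGERPRINT="${CA_FINGERPRINT:-}"              # root fingerprint printed by 'step ca init'
HOST_FQDN="${HOST_FQDN:-web01.internal.example}"  # assumed machine identity (a DNS name)
VAULT_ROLE="${VAULT_ROLE:-web-servers}"           # assumed cert-auth role name
VAULT_POLICY="${VAULT_POLICY:-web-secrets}"       # assumed Vault policy

# Print commands instead of executing them when DRY_RUN is set.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. CA host: initialise step-ca with an ACME provisioner next to the JWK admin provisioner.
init_ca() {
  run step ca init --name "$CA_NAME" --dns "$CA_DNS" --address :443 \
    --provisioner admin --acme --password-file /etc/step-ca/password.txt
}

# 2. Machine: trust the internal root (pinned by fingerprint), then obtain a
#    certificate for its own DNS name through ACME. The default http-01 challenge
#    needs port 80 on HOST_FQDN reachable from the CA and HOST_FQDN resolving to
#    this machine; that DNS binding is what ties the cert to the host.
issue_host_cert() {
  if [ -z "$CA_FINGERPRINT" ] && [ -z "${DRY_RUN:-}" ]; then
    echo "CA_FINGERPRINT is required" >&2; return 1
  fi
  run step ca bootstrap --ca-url "$CA_URL" --fingerprint "$CA_FINGERPRINT"
  run step ca certificate "$HOST_FQDN" /etc/ssl/host.crt /etc/ssl/host.key --provisioner acme
}

# 3. Vault admin: fetch the root, enable cert auth, and create a role that trusts
#    the internal root AND constrains which SANs may assume the policy. Without
#    allowed_dns_sans, every certificate the root ever issues gets this policy.
configure_vault_role() {
  run step ca root /etc/ssl/internal_root.crt
  run vault auth enable cert
  run vault write "auth/cert/certs/${VAULT_ROLE}" \
    certificate=@/etc/ssl/internal_root.crt \
    'allowed_dns_sans=*.internal.example' \
    "token_policies=${VAULT_POLICY}" \
    token_ttl=1h token_max_ttl=4h
}

# 4. Machine: the certificate is presented in the TLS handshake, so the only
#    material on disk is the key that the ACME flow generated; no Vault token
#    or AppRole secret is shipped to the host ahead of time.
vault_login() {
  run vault login -method=cert -client-cert=/etc/ssl/host.crt \
    -client-key=/etc/ssl/host.key "name=${VAULT_ROLE}"
}

case "${1:-}" in
  init-ca)    init_ca ;;
  issue)      issue_host_cert ;;
  vault-role) configure_vault_role ;;
  login)      vault_login ;;
  *)          ;;   # no argument: only define the functions (e.g. when sourced)
esac
```

Run `init-ca` on the CA host, `issue` and `login` on each machine, and `vault-role` once as a Vault administrator; `DRY_RUN=1` prints the commands instead of running them. Two checks worth keeping in mind: Vault's TLS auth method only works on a listener with TLS enabled, because the client certificate travels in the handshake, and the role should always carry a SAN or common-name constraint in addition to the CA certificate. Certificates issued this way are short-lived by design; `step ca renew --daemon` on the machine keeps them current without any further secret.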