Collaborate Disseminate
I am doing a bunch of test/data scraping projects across a few different platforms that consume read-only and not really important API keys. I can only foresee minimal damage if they were to get out.
With that said, I cant see any glarin… Continue reading Considerations for having Hashicorps vault on the open net
I have PCF spring boot application which needs to access the vault server to get the credentials to create datasource during startup. Right now we are hard coding the app role id and secret id in the spring boot application . Is there a b… Continue reading Storing vault read token securely
Say I set up a HashiCorp Vault, on dedicated hardware, with an AKV seal stanza like the following:
seal “azurekeyvault” {
tenant_id = “46646709-b63e-4747-be42-516edeaf1e14”
client_id = “03dc33fc-16d9-4b77-8152-… Continue reading How do I protect the Azure Client ID and Client Secret in HashiCorp Vaults with AKV Auto-Unseal?
HashiCorp Vault is an open source tool for secrets management.
I’m using it for this purpose, and have come across a minor issue. I seemingly cannot deny access to a specific API path.
I’ve tested this on 2 different Vault clusters. An… Continue reading If one HashiCorp Vault Policy allows a capability, and another denies it, how does it decide which Policy to honor?
In a system with a complex set of computed authorizations, does conveniently allowing a given user access to view all of their own authorizations decrease security?
In a “Policy as Code” system which relies on consumers of … Continue reading Does allowing a user to know their own authorized capabilities decrease security?
We’re currently improving our custom secrets management system and I’m looking into different solutions such as Hashicorp Vault or AWS KMS.
So far Vault seems to meet most of our current requirements, is an open-source proje… Continue reading Password protected secrets on Vault
This seems like a pretty simple use case, but it would depend on some pretty recently added functionality which I might not understand yet:
A python script gets populated by configuration management on a few monitoring serve… Continue reading Can I use HashiCorp Vault to restrict access to credentials based on CIDR ranges?
I’m new to Vault and its patterns but think they’re great, having to manually unseal a Vault instance gives some great security. However it seems like those benefits are somewhat reduced by a weak link — authenticating servi… Continue reading Best practices for automated service authentication with Vault
I will get thousands of user’s tokens when they authorise to us via OAuth (external provider).
I am trying to find out what the best practices to securely encrypt user’s token into a database.
I am considering using libsodi… Continue reading Store tokens in MySQL or use Vault (HashiCorp)?
I will get thousands of user’s tokens when they authorise to us via OAuth (external provider).
I am trying to find out what the best practices to securely encrypt user’s token into a database.
I am considering using libsodi… Continue reading Store tokens in MySQL or use Vault (HashiCorp)?