Collaborate Disseminate
Say I set up a HashiCorp Vault, on dedicated hardware, with an AKV seal stanza like the following:
seal “azurekeyvault” {
tenant_id = “46646709-b63e-4747-be42-516edeaf1e14”
client_id = “03dc33fc-16d9-4b77-8152-… Continue reading How do I protect the Azure Client ID and Client Secret in HashiCorp Vaults with AKV Auto-Unseal?
HashiCorp Vault is an open source tool for secrets management.
I’m using it for this purpose, and have come across a minor issue. I seemingly cannot deny access to a specific API path.
I’ve tested this on 2 different Vault clusters. An… Continue reading If one HashiCorp Vault Policy allows a capability, and another denies it, how does it decide which Policy to honor?
In a system with a complex set of computed authorizations, does conveniently allowing a given user access to view all of their own authorizations decrease security?
In a “Policy as Code” system which relies on consumers of … Continue reading Does allowing a user to know their own authorized capabilities decrease security?
We’re currently improving our custom secrets management system and I’m looking into different solutions such as Hashicorp Vault or AWS KMS.
So far Vault seems to meet most of our current requirements, is an open-source proje… Continue reading Password protected secrets on Vault
This seems like a pretty simple use case, but it would depend on some pretty recently added functionality which I might not understand yet:
A python script gets populated by configuration management on a few monitoring serve… Continue reading Can I use HashiCorp Vault to restrict access to credentials based on CIDR ranges?
I’m new to Vault and its patterns but think they’re great, having to manually unseal a Vault instance gives some great security. However it seems like those benefits are somewhat reduced by a weak link — authenticating servi… Continue reading Best practices for automated service authentication with Vault
I will get thousands of user’s tokens when they authorise to us via OAuth (external provider).
I am trying to find out what the best practices to securely encrypt user’s token into a database.
I am considering using libsodi… Continue reading Store tokens in MySQL or use Vault (HashiCorp)?
I will get thousands of user’s tokens when they authorise to us via OAuth (external provider).
I am trying to find out what the best practices to securely encrypt user’s token into a database.
I am considering using libsodi… Continue reading Store tokens in MySQL or use Vault (HashiCorp)?
I’m working on upgrading a “legacy” infrastructure where a handful of PHP, Rails and Perl (CGI) applications are in use. Historically, these applications have been written with the database credentials sprinkled into all the … Continue reading Best practice for securing DB passwords for multiple web apps?
There seems to be a general recommendation to store secrets in the Hashicorp Vault instance (or similar key-management software) and avoid passing secrets via environment variables.
In what particular scenarios using Vault is… Continue reading What security advantages does Hashicorp Vault have over storing secrets (passwords, API keys) in environment variables?