Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Secrets management with Vault
Search
Boris Quiroz
December 20, 2017
Technology
0
58
Secrets management with Vault
https://www.meetup.com/Santiago-HashiCorp-User-Group/events/245738064/
Boris Quiroz
December 20, 2017
Tweet
Share
More Decks by Boris Quiroz
See All by Boris Quiroz
Docker Images Best Practices
boris
0
56
Software Freedom Day 2015
boris
0
45
Code Driven Infrastructure
boris
0
68
hola mundo
boris
0
64
DevOps Tools: Chef + Vagrant
boris
0
230
Kitchen.CI
boris
0
120
Introducción a HSTS
boris
0
54
Hands-on Lab
boris
0
79
Tech, Method & Philosophy for the cloud
boris
0
54
Other Decks in Technology
See All in Technology
serverless team topology
_kensh
3
240
AIエージェントによる業務効率化への飽くなき挑戦 -AWS上の実開発事例から学んだ効果、現実そしてギャップ-
nasuvitz
5
1.4k
Retrospectiveを振り返ろう
nakasho
0
130
RemoteFunctionを使ったコロケーション
mkazutaka
1
140
「タコピーの原罪」から学ぶ間違った”支援” / the bad support of Takopii
piyonakajima
0
150
現場の壁を乗り越えて、 「計装注入」が拓く オブザーバビリティ / Beyond the Field Barriers: Instrumentation Injection and the Future of Observability
aoto
PRO
1
690
SRE × マネジメントレイヤーが挑戦した組織・会社のオブザーバビリティ改革 ― ビジネス価値と信頼性を両立するリアルな挑戦
coconala_engineer
0
300
ゼロコード計装導入後のカスタム計装でさらに可観測性を高めよう
sansantech
PRO
1
550
東京大学「Agile-X」のFPGA AIデザインハッカソンを制したソニーのAI最適化
sony
0
150
パフォーマンスチューニングのために普段からできること/Performance Tuning: Daily Practices
fujiwara3
2
150
書籍『実践 Apache Iceberg』の歩き方
ishikawa_satoru
0
260
オブザーバビリティと育てた ID管理・認証認可基盤の歩み / The Journey of an ID Management, Authentication, and Authorization Platform Nurtured with Observability
kaminashi
2
1.2k
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
38
2.9k
GitHub's CSS Performance
jonrohan
1032
470k
RailsConf 2023
tenderlove
30
1.3k
Product Roadmaps are Hard
iamctodd
PRO
55
11k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.7k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
37
2.6k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.6k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.7k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
658
61k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Transcript
Vault Boris Quiroz Q. -
[email protected]
- github.com/boris
¿Qué es Vault?
Una herramienta para acceder a secretos de forma segura.
• Almacenamiento seguro • Secretos dinámicos • Encriptación de data
• Leasing and Renewal • Revocación
Conceptos
• Seal/Unseal • Tokens • Policy • Secret Backend
Políticas
Proporcionan una manera declarativa de delegar acceso a ciertas rutas
y operaciones en Vault.
path “secret/*” { capabilities = [ “write”, “list” ] }
path “secret/very-secret/*” { capabilities = [ “deny” ] }
path “secret/not-secret/*” { capabilities = [ “create”, “delete”, “list”, “read”,
“update” ] }
AWS
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:*",
"Resource": "*" } ] }
Demo https://git.io/scl-vault-meetup
boris
_kensh
nasuvitz
nakasho
mkazutaka
piyonakajima
aoto
coconala_engineer
sansantech
sony
fujiwara3
ishikawa_satoru
kaminashi
maggiecrowley
jonrohan
tenderlove
iamctodd
csswizardry
reverentgeek
eileencodes
marktimemedia
scottboms
lemiorhan
marcelosomers
![Vault Boris Quiroz Q. - [email protected] - github.com/boris](https://files.speakerdeck.com/presentations/afe2515e1331422ba35f6a945cc8f615/slide_0.jpg){kind=link}
![path “secret/*” { capabilities = [ “write”, “list” ] }](https://files.speakerdeck.com/presentations/afe2515e1331422ba35f6a945cc8f615/slide_8.jpg){kind=link}
![path “secret/very-secret/*” { capabilities = [ “deny” ] }](https://files.speakerdeck.com/presentations/afe2515e1331422ba35f6a945cc8f615/slide_9.jpg){kind=link}
