Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Secrets management with Vault

Avatar for Boris Quiroz Boris Quiroz
December 20, 2017
Technology
0
58

Secrets management with Vault

https://www.meetup.com/Santiago-HashiCorp-User-Group/events/245738064/

Avatar for Boris Quiroz

Boris Quiroz

December 20, 2017
Tweet

More Decks by Boris Quiroz

See All by Boris Quiroz
Docker Images Best Practices
Avatar for Boris Quiroz boris
0
56
Software Freedom Day 2015
Avatar for Boris Quiroz boris
0
45
Code Driven Infrastructure
Avatar for Boris Quiroz boris
0
67
hola mundo
Avatar for Boris Quiroz boris
0
63
DevOps Tools: Chef + Vagrant
Avatar for Boris Quiroz boris
0
230
Kitchen.CI
Avatar for Boris Quiroz boris
0
120
Introducción a HSTS
Avatar for Boris Quiroz boris
0
53
Hands-on Lab
Avatar for Boris Quiroz boris
0
78
Tech, Method & Philosophy for the cloud
Avatar for Boris Quiroz boris
0
53

Other Decks in Technology

See All in Technology
EncryptedSharedPreferences が deprecated になっちゃった!どうしよう! / Oh no! EncryptedSharedPreferences has been deprecated! What should I do?
Avatar for Yuki Anzai yanzm
0
490
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
Avatar for sh_fk2 sh_fk2
3
460
バイブスに「型」を!Kent Beckに学ぶ、AI時代のテスト駆動開発
Avatar for amixedcolor amixedcolor
2
580
Aurora DSQLはサーバーレスアーキテクチャの常識を変えるのか
Avatar for TomoyaIwata iwatatomoya
1
1.2k
react-callを使ってダイヤログをいろんなとこで再利用しよう!
Avatar for shinaps shinaps
2
260
Generative AI Japan 第一回生成AI実践研究会「AI駆動開発の現在地──ブレイクスルーの鍵を握るのはデータ領域」
Avatar for KoheiOgawa shisyu_gaku
0
330
人工衛星のファームウェアをRustで書く理由
Avatar for KOBA789 koba789
15
8.3k
まずはマネコンでちゃちゃっと作ってから、それをCDKにしてみよか。
Avatar for ヤマダ(北野) yamada_r
2
120
AIエージェントで90秒の広告動画を制作!台本・音声・映像・編集をつなぐAWS最新アーキテクチャの実践
Avatar for Kiminori Yokoi nasuvitz
3
350
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
Avatar for nagisa_53 nagisa53
10
3.2k
DroidKaigi 2025 Androidエンジニアとしてのキャリア
Avatar for mhidaka mhidaka
2
380
これでもう迷わない!Jetpack Composeの書き方実践ガイド
Avatar for ZOZO Developers zozotech
PRO
0
1.1k

Featured

See All Featured
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
59
9.5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.4k
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.7k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
48
9.7k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
513
110k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3k
Scaling GitHub
Avatar for Zach Holman holman
463
140k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.7k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
83
9.2k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
61k

Transcript

  1. Vault Boris Quiroz Q. - [email protected] - github.com/boris

  2. ¿Qué es Vault?

  3. Una herramienta para acceder a secretos de forma segura.

  4. • Almacenamiento seguro • Secretos dinámicos • Encriptación de data

    • Leasing and Renewal • Revocación

  5. Conceptos

  6. • Seal/Unseal • Tokens • Policy • Secret Backend

  7. Políticas

  8. Proporcionan una manera declarativa de delegar acceso a ciertas rutas

    y operaciones en Vault.

  9. path “secret/*” { capabilities = [ “write”, “list” ] }

  10. path “secret/very-secret/*” { capabilities = [ “deny” ] }

  11. path “secret/not-secret/*” { capabilities = [ “create”, “delete”, “list”, “read”,

    “update” ] }

  12. AWS

  13. { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:*",

    "Resource": "*" } ] }

  14. Demo https://git.io/scl-vault-meetup