Switzerland Has Bunkers, we Have Vault!

Switzerland Has Bunkers, we Have Vault!

Vault is an open-source tool by Hashicorp specifically designed for securing and managing all kind of secrets, from passwords to database credentials or encryption keys. In this talk, we start by laying out the foundations of Vault by discussing the concepts of untrusted storage backends, authentication methods, sealing/unsealing processes, response wrapping, and dynamically generated short-lived secrets. Building up on that, we present several real-world scenarios and demonstrate how Vault can be used in these situations to implement an architecture with a high separation of concern and low trust. For every scenario, we seek to put ourselves in an attacker's shoes, and analyze what would be the impact of the compromission of each component on the overall architecture.


Christophe Tafani-Dereeper

November 09, 2018