Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Secure Day 2 operations with Boundary and Vault

Rosemary Wang
June 06, 2024
Technology
0
3

Secure Day 2 operations with Boundary and Vault

Originally presented at HashiDays: Munich.

Your application developers and platform engineers need to log into machines and services for Day 2 operations, like break glass fixes and manual application testing. In this session, Rosemary shows how systems of record in Terraform, Vault, and Boundary can help secure and facilitate access to machines and services.

Rosemary Wang

June 06, 2024
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Can You Test Your Infrastructure as Code?
joatmon08
1
18
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
16
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
13
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
21
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
28
Building a Developer Platform? Ask these questions.
joatmon08
0
16
From Cloud-Hosted to Cloud-Native
joatmon08
0
46
Refactoring Applications for Dynamic Secrets
joatmon08
1
31
Catching Commits to Secure Infrastructure as Code
joatmon08
1
46

Other Decks in Technology

See All in Technology
スクラムチームの品質戦略 1年の歩み
hacomono
PRO
1
150
えにしテックさん15周年に寄せて〜万葉と私のこれまでの学び〜
nay3
43
26k
「開発生産性を上げる改善」って儲かるの?に答えられるようにする / Is development productivity profitable?
i35_267
20
9.7k
Recap: Kotlin Language Features in 2.0 and Beyond (Michail Zarečenskij)
dalinaum
0
400
マイクロサービスの現場からプラットフォームエンジニアリングの可能性を探る!
abnoumaru
1
3.9k
IaCツールのいろいろ
takesection
0
210
Introducing Azure Automation Runtime Environment
mappie_kochi
0
170
初めましてが多いチームの形成期にEMが取り組んだ事
shoheimitani
1
120
お手並み拝見にしないオンボーディング
zuckey_17
2
1.3k
スクラムエッセンス導入3ヶ月のチームに起きた変化
hacomono
PRO
1
140
ANDPAD and Ruby
andpad
1
300
効果的なLLM評価法 LangSmithの技術と実践
knishioka
0
110

Featured

See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
15
1.6k
Imperfection Machines: The Place of Print at Facebook
scottboms
261
12k
Building Your Own Lightsaber
phodgson
101
5.8k
Product Roadmaps are Hard
iamctodd
PRO
46
10k
Producing Creativity
orderedlist
PRO
339
39k
Making the Leap to Tech Lead
cromwellryan
126
8.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
23
2k
[RailsConf 2023] Rails as a piece of cake
palkan
31
4.3k
How GitHub Uses GitHub to Build GitHub
holman
471
290k
Fashionably flexible responsive web design (full day workshop)
malarkey
399
65k
StorybookのUI Testing Handbookを読んだ
zakiyama
14
4.8k
Learning to Love Humans: Emotional Interface Design
aarron
269
39k

Transcript

  1. ©2024 HASHICORP 1 Infrastructure as code Production infrastructure

  2. ©2024 HASHICORP Platform teams AppDev teams Cloud services 2 Lifecycle

    management Day 0 & 1 - Automated Day 2 - Manual? As code? INFRASTRUCTURE & SECURITY

  3. ©2024 HASHICORP 3

  4. ©2024 HASHICORP Chief Developer Advocate HashiCorp she/her @joatmon08 Rosemary Wang

  5. ©2024 HASHICORP 5 Who is accessing the production system? Authentication

    Secure Day 2 operations What do they have access to? Authorization When and what changes were made to production? Audit

  6. ©2024 HASHICORP 6 “…an information storage and retrieval system that

    can serve as an authoritative source of truth.” business.adobe.com/blog/basics/systems-of-record

  7. ©2024 HASHICORP 7 Machines Endpoints Infrastructure Credentials Certificates Encryption Keys

    Secrets Users Identity Systems of record

  8. ©2024 HASHICORP 8 Infrastructure as code Production infrastructure Secrets Credentials

    to access services Infrastructure resources and policies User access to targets

  9. ©2024 HASHICORP 9 Infrastructure as code Production infrastructure Secrets Store

    SSH key pair in KV secrets engine Create SSH key pair & VM Identify platform engineers who can access VMs

  10. ©2024 HASHICORP 10 github.com/joatmon08/ hashicorp-stack-demoapp

  11. ©2024 HASHICORP 11

  12. ©2024 HASHICORP 12 Infrastructure as code Production infrastructure Secrets Store

    SSH key pair in KV secrets engine Create SSH key pair & VM Identify platform engineers who can access VMs Use session recording to reconcile automation

  13. ©2024 HASHICORP 13

  14. ©2024 HASHICORP 14 Infrastructure as code Production infrastructure Secrets Generate

    dynamic database username and password Create database & configure secrets engine Identify admins or developers who can access database

  15. ©2024 HASHICORP 15 github.com/joatmon08/ terraform-aws-postgres

  16. ©2024 HASHICORP 16

  17. ©2024 HASHICORP 17

  18. ©2024 HASHICORP 18 Who is accessing the production system? Authentication

    Secure Day 2 operations What do they have access to? Authorization When and what changes were made to production? Audit

  19. ©2024 HASHICORP 19 Integrate and use data to authorize and

    audit Establish systems of record Summary Configure just-in-time access to production as needed Generate just-in-time production access Assess recurring Day 2 operations that can be automated Reconcile automation

  20. ©2024 HASHICORP Rosemary Wang @joatmon08 joatmon08.com Thank you!