Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing IaC Workflows

Kerim Satirli
PRO
June 01, 2022
Programming
0
160

Securing IaC Workflows

In this demo, I show how to secure Infrastructure as Code (IaC) workflows using HashiCorp Cloud offerings HCP Vault and HCP Packer, with a bit of Terraform Cloud best-practices sprinkled in for operational happiness.

---

Companion Code: https://github.com/ksatirli/securing-iac-workflows

Kerim Satirli
PRO

June 01, 2022
Tweet

More Decks by Kerim Satirli

See All by Kerim Satirli
Increasing the Security Posture of your Pipelines
ksatirli
PRO
0
2
How to Secure Edge Compute
ksatirli
PRO
0
12
Patterns that Protect
ksatirli
PRO
0
10
What We Learned from Building Edge Compute
ksatirli
PRO
0
39
Level Up your Infrastructure Skills
ksatirli
PRO
0
110
Kubernetes Ingress with Consul and ngrok
ksatirli
PRO
0
110
Replacing Long-lived Passwords with Dynamic Secrets
ksatirli
PRO
0
94
How to Get Your Website Into the Cloud
ksatirli
PRO
0
65
Scaling Security when Deploying Globally
ksatirli
PRO
0
150

Other Decks in Programming

See All in Programming
外部APIとズブズブな開発どうしてますか?
kin29
1
340
WebViewと向き合う
mkeeda
1
160
初めましてLaravel、君のことを教えてくれ! 〜春に就職したばかりの新卒エンジニアが調べた内部仕様と、そのプロセス〜
amixedcolor
0
180
2023/09/23 「AIキャラクターの言動に深みを持たせる」
sr2mg4
1
600
メタバースプラットフォーム 「INSPIX WORLD」はPHPもC++もまとめてC#に統一! ~MagicOnionが支えるバックエンド最適化手法~
pulse1923
0
150
マイクロサービスの効率的な監視〜不安定な依存先との闘い〜
taowata
6
1.1k
作って学ぶadbプロトコル / Create and learn adb protocols
ntsk
0
950
Reimagining text fields in Compose (dcNYC 23)
zachklipp
0
260
A JVM Threading Model for the containerized times
lhespanha
0
1k
ruby.wasmでブラウザを酷使してみよう / 2023-MatsueRubyKaigi
lnit
0
150
Rcloneを使った定期的なストレージ同期
yuhta28
0
150
ノーコードE2Eテストで実現する高速開発
nozomiito
0
200

Featured

See All Featured
Done Done
chrislema
178
15k
Optimizing for Happiness
mojombo
368
67k
The Invisible Side of Design
smashingmag
292
49k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.1k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
26
5.5k
It's Worth the Effort
3n
179
27k
Statistics for Hackers
jakevdp
787
210k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
880
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Clear Off the Table
cherdarchuk
81
300k
A Philosophy of Restraint
colly
195
15k

Transcript

  1. Secure Workflows with
    HCP Vault and Packer
    Kerim Satirli
    Sr. Developer Advocate
    HashiCorp

    View Slide

  2. Sr. Developer Advocate at HashiCorp
    he / him
    @ksatirli
    Kerim
    Satirli

    View Slide

  3. Cloud Infrastructure Automation
    Consistent workflows to provision, secure,
    connect, and run any infrastructure for
    any application.

    View Slide

  4. Workspaces
    vault-deployment
    Workspace to deploy and
    manage lifecycle of an
    HCP Vault Clusters
    vault-config
    Workspace to configure
    an (HCP) Vault Cluster
    for use with AWS
    packer
    Packer Template for
    AWS EC2 Instances
    packer-registry
    Workspace to deploy
    EC2 Instances using
    HCP Packer Registry
    workspaces
    Terraform Cloud Workspace
    to manage the lifecycle of
    Terraform Cloud Workspaces

    View Slide

  5. Workspace Isolation
    vault-deployment
    Workspace to deploy and
    manage lifecycle of an
    HCP Vault Clusters
    vault-config
    Workspace to configure
    an (HCP) Vault Cluster
    for use with AWS
    packer
    Packer Template for
    AWS EC2 Instances
    packer-registry
    Workspace to deploy
    EC2 Instances using
    HCP Packer Registry
    workspaces
    Terraform Cloud Workspace
    to manage the lifecycle of
    Terraform Cloud Workspaces

    View Slide

  6. Terraform Cloud
    https://app.terraform.io/app/a-demo-organization/

    View Slide

  7. HashiCorp Cloud Platform
    https://portal.cloud.hashicorp.com/

    View Slide

  8. Useful
    Links
    ▪ slides: speakerdeck.com/ksatirli/securing-iac-workflows
    ▪ code: github.com/ksatirli/securing-iac-workflows
    ▪ HCP sign-up: hashi.co/hcp-signup-june22

    View Slide

  9. Thank You
    [email protected]

    View Slide