Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/

Slide 2: What is Security?
- Security is the practice of risk management
  - Deciding which risks can be accepted
  - Guarding against violation
- Risk increases with system complexity
Slide 9: Trust
- A trusted entity will not divulge secrets
[Diagram: "Circle of Trust" (You, Me, 3rd Party) and "Chain of Trust" (Producer, Hop, Hop, Consumer)]
Slide 10: Goals
- Minimize risk at any given trust link
  - Minimize risk of exposure
- Get a secret securely from producer to consumer
  - Still, assume secrets may eventually get divulged
Slide 12: Vault Project
- Secure storage
- Encryption
- High availability (HA)
- HTTP API
Demo: Start and initialize Vault
Slide 14: Secret sprawl
- Secrets are distributed in a distributed system
- Limit access
- Audit when a secret was accessed, and by whom
- Discover breach
Demo: Storing/loading generic secrets
Slide 16: Lease and Expiry
- Probability of secret exposure increases over time
- Ephemeral secrets
- Rotation
- Expiration
- Revocation
- Built-in "Break Glass" procedure
Slide 21: Application requirements
- Access databases and services
- Rotate credentials
- Deal with encryption
Demo: Using Spring Vault
Slide 23: Spring Vault
- Spring 4, Java 1.6
- Machine authentication
- Property sources
- Encryption
Demo: Using Spring Cloud Vault
Slide 25: Spring Cloud Vault
- Spring Boot integration
- Using Spring Vault
- Property sources
- Lease renewal
- Database & service integrations