HashiCorp Vault for Drupalers
Drupal HackCamp 2018 - București
Slide 2
Nick Santamaria
● Drupal developer since 2006
● SysOps Engineer at PreviousNext
● Based in Melbourne, Australia
● HashiCorp Fan
@nicksanta
github.com/nicksantamaria
drupal.org/user/87915
Slide 3
The Secret Management Problem
Slide 4
What are Secrets?
A piece of information that proves an identity, or authorization to perform certain functions.
● Username & Password
● API Token
● TLS Certificate
Slide 5
What are Secrets?
Things in this realm must be carefully handled.
● Who has access?
● When did they access it?
● How will they be rotated?
Slide 6
In the Wild
They are in your settings.php files.
Slide 7
In the Wild
They are in your config exports.
Slide 8
In the Wild
They are in your Ansible playbooks.
Slide 9
Secret Sprawl
Slide 10
HashiCorp Vault
Slide 11
The Secret Management Problem
Vault addresses the challenges of secrets management.
● Centralised
● Fine-grained access control
● Audit trail
Slide 12
“moving from a world of sprawl to a world of centrality; with strong guarantees around encryption, access control, and visibility.”
- Armon Dadgar, HashiCorp CTO
Slide 13
The Application Problem
or: Software sucks at keeping secrets
Slide 14
The Application Problem
Applications will inevitably expose secrets.
● Logs
● Stack traces
● Monitoring tools