ARE YOUR PASSWORDS SECURE? HashiCorp Vault & Spring Vault

Transcript

1. ARE YOUR PASSWORDS SECURE? New Methods 
 Increase Security @welsayedaly

2. @welsayedaly Walid El Sayed Aly

3. http://bit.ly/2zFWyBR

4. What is a secret? Why we must change our way

   HashiCorp Vault Use Cases Architecture Installation and Config Secrets Backends Statics and Dynamics Secrets Demo AGENDA

5. Spring Vault with HashiCorp Vault What does Spring Vault offer?

   Which HTTP clients support Spring Vault? Demo Static (Key/Value) & Dynamic (PostgresSQL) AGENDA

6. CHAPTER 1 HashiCorp Vault

7. What is a secret?

8. A secret is anything used for authentication or authorization: user/password,

   API tokens, TLS certificate, etc. can be also any sensitive data that could be confidential, like credit cards, social security numbers, e-mail, etc.

9. Why you must change your way to save secrets.

10. None
11. None

12. “If you connect it to the Internet, someone will try

    to hack it.” Brian Krebs

13. HashiCorp Vault

14. HashiCorp Vault Vault provides a single interface for each secret

    It saves, stores and manages passwords, certificates and tokens Vault records a detailed audit log

15. HashiCorp Vault Use Cases Secret Management Dynamic Secrets Encrypting as

    a service Prevailing Access Management Leasing and Renewal Revocation

16. HashiCorp Vault Architecture

17. HashiCorp Vault Installation vault server -config=/path_to_vault_config_file -dev -dev-root-token-id="9746523452" -dev-listen-address="127.0.0.1:8201" Do

    Not Run DEV Modus in Production!

18. Vault Config File backend "inmem" { } listener "tcp" {

    address = "127.0.0.1:8200" tls_cert_file=“/Path_CERT_FILE” tls_key_file=“Path_CERT_KEY_FILE” tls_min_version="tls10" } disable_mlock = true

19. Vault Secret Backend Systems Databases: MySQL, Postgres, Oracle, SAP HANA

    NoSQL: MongoDB, Cassendra Cloud Backends: AWS Key/Value: physical storage

20. Vault Static and Dynamic Secrets Static secrets are like Key/Value

    secrets Dynamic secrets are generated when they are accessed
21. None

22. CHAPTER 2 Spring Vault with HashiCorp Vault

23. Spring Vault dependencies { compile 'org.springframework.vault:spring-vault-core: 2.0.0.M3' }repositories { maven

    { url 'https://repo.spring.io/libs-milestone' } }

24. Spring Vault provides abstractions and client-side support for accessing, storing

    and revoking secrets with HashiCorp Vault Vault Repositories: like the concept of Spring Data, offer Spring Vault CRUD Operation to access Secrets from HashiCorp

25. Spring Vault Reactive Vault Client Audit authentication steps to compose

    authentication flows

26. Spring Vault Which HTTP Clients support Spring Vault? RestTemplate Apache

    Http Components Java java.net.URLConnection (HttpURLConnection) Netty OkHttp 3 von square
27. None

28. Conclusion Secure your data and do not only decrypt Use

    new technology like HashiCorp to manage your secrets Apps and OPS mustn’t know which secrets they use Spring Vault is nice to use for apps that already use Spring frameworks

29. Are Your Passwords Secure?

30. THANK YOU