« Previous 1 2 3 Next »

Credential management with HashiCorp Vault

Key Master

Depending on a company's security paradigm, the admin team members share a joint account or assign admin rights to personal accounts. In the first case, each member must know the account's shared password. This sometimes leads to unfortunate situations when an established employee leaves the team or even the company. In the second case, the administrators handle all their daily tasks with a user account that has rights far above normal levels.

Additionally, the use of cloud infrastructure along with dynamic resource management is geared to the actual needs of the respective services. In high-utilization situations, instances added at short notice carry out the necessary calculations. User accounts for databases or APIs in such dynamic environments typically share secret keys for encrypting communication or access to shared filesystems. Each password is then stored in a widely available configuration file that is used when setting up the instance for configuration. Alternatively, the shared admin password is used to log in and the remaining configurations are semiautomatic.

In both scenarios, different instances use the same secrets to perform the work to be done. On the one hand, this leads to accountability issues for the work performed – for example, traceability: Who logged into the administrative account on a system and when? If cloud instances have the same access credentials for database access, it is impossible to determine unambiguously which instance is responsible for errors or malicious actions. On the other hand, existing structures can change after distributing the secrets. This results in new problems: What happens to the old password? Do you need to equip all systems with a new password or is it sufficient to do this for future instances?

Installation and Configuration

HashiCorp [1] is known in the field of

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Lead Image © phive2015, 123rf.com
    Secrets and certificate management
    Vault is a highly secure, trusted place to keep your secrets and certificates.
    more »
  • Photo by London Scout on Unsplash
    Automatic data encryption and decryption with Clevis and Tang
    Encrypting hard disk partitions during the installation of an operating system is standard procedure. When booting the computer, you then need to enter a matching passphrase to unlock the hard drive. We show you how to automate this process and link it to a policy.
    more »
  • Lead Image © Amri Wolfgang, 123RF.com
    Jenkins Configuration as Code
    The move from Groovy scripts to Jenkins Configuration as Code simplifies the initialization of Jenkins and Jenkins plugins.
    more »
  • Lead Image © Marqs, photocase.com
    Password management with FreeIPA
    Passwords should be safe, but easy to remember – a contradiction that can be difficult to resolve. One remedy is a password manager that stores all passwords centrally. The open source tip this month shows a different approach: FreeIPA.
    more »
  • Lead Image © Iaroslav Neliubov, 123RF.com
    Jira, Confluence, and GitLab
    Jira, Confluence, and GitLab are very popular DevOps tools and often form the basis for agile work flows. With the right Ansible playbooks, Ubuntu can be turned into an agile work center.
    more »
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=