Wednesday, December 9, 2015

How to keep secrets with Vault

A tool for managing secrets.
  1. Knowledge
    1. Vault is a data-store for your infrastructure's tokens, passwords, certificates, API keys, and generally all things secret.
  2. Strategy
    1. Installation
      1. Download and install the binary.
    2. Configuration
      1. A config file is loaded with the Vault CLI -config flag.
      2. Two fields are required, Backend and Listener.
        1. Backend is where the Vault data is stored.
        2. Listener is where Vault receives API requests.
  3. Execution


  1. Is it safe to disable TLS like that?

  2. Probably not as safe as using it in addition to SSL, but this is just a port from Hashicorp's provided example. I could remove that field, but then would need to include all the key information. Good catch, this configuration could be made even more secure by enabling TLS.

    1. After further reading, it looks like TLS v1.2 is becoming the standard as a replacement to SSL v3.0. Seems I may have to use it, as opposed to SSL.