Securely managing application secrets can be challenging - especially in complex, multi-datacenter environments. Many common secret management tools and services only solve specific use cases, and are often coupled to specific cloud providers.
HashiCorp Vault is an open-source secret management tool designed to support distributed applications and infrastructure as first-class citizens. It provides powerful features such as:
- Centralised secret storage
- Dynamic secrets
- Encryption as a Service
- Identity brokering
- Access control management
- Audit logging
This session will introduce some important Vault concepts and operational considerations, before diving into a technical demonstration of the current Drupal integration capabilities.
Resources
The projects I showed off in the demo:
- Vault
- Token Authentication Provider
- Key Value Secret Engine
- AWS Secret Engine
- Encrypt-as-a-Service Secret Engine
- Key
- Encrypt
- Field Encrypt
- S3FS
Photo credit: @HN_Will.