As large enterprises move toward organization-wide adoption of DevOps, one challenge they face is the handling of secrets, typically used for authentication. Automation precludes us from using a human being as a source of trust, and security requires us to make sure credentials are not stored in a format from which they could leak sensitive info, e.g., never in code.
In this talk, Ali Hussain from Flux7 will discuss how they are using HashiCorp Vault at one of the largest payments and credit card providers. I’ll share core principles of modern secret management and how we used Vault and Consul for a fail-safe, automated, dynamic secrets management solution as part of a sustainable and scalable DevSecOps approach that helps proactively meet security, risk and compliance objectives. I’ll cover the journey toward DevSecOps, best practices and toolkit used in this use case, starting with a basic, secure installation of Vault with a Consul back-end configured for a few users to expanded use through a highly available and federated installation that allows administrators, end users, and applications to have zero downtime due to unavailability.
Ali Hussain is CTO and co-founder at Flux7, an award-winning Austin based IT consulting company recognized by AWS for its proficiency in DevOps. As a HashiCorp Premier Systems Integration partner, Flux7 helps organizations establish a framework for repeatable deployments of Vault and Consul on top of their existing infrastructure or as part of a new infrastructure solution.