Vault 1.5 Overview
2. Vault 1.5 - Launch Webinar
Justin Weissig
Sr. Technical Product Marketing Manager
3. Agenda - What’s New?
▪ Vault 101
▪ Splunk App for Monitoring Telemetry & Log Data
▪ Resource Quota (DDoS Protection - OSS & Enterprise)
▪ Red Hat OpenShift - Helm Chart
▪ Replication UI Improvements
▪ Many other improvements and bug fixes
Copyright © 2020 HashiCorp
4. Vault 101
▪ Secrets management to centrally store and protect secrets across clouds and applications.
▪ Data encryption to keep application data secure across environments and workloads.
▪ Advanced data protection to secure workloads and data across traditional systems, clouds, and infrastructure.
5. Splunk
Reporting templates (aka Splunk “App”) for Enterprise customers. The app is accompanied by an updated monitoring guide and a few new telemetry metrics to enable more users to better monitor Vault.
6. Resource Quotas
Rate limit requests on Open Source and Enterprise. Enterprise customers also have the ability to set quotas on the number of leases that can be generated on a path.
TERMINAL
$ vault write sys/quotas/rate-limit/global-rate \
    rate=500 burst=1000
Error writing data to kv/app/apikey: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/test/data/creds3
Code: 429. Errors:
request path "kv/app/apikey": rate limit quota exceeded
7. Red Hat OpenShift
Installing Vault via the Helm chart and using the Vault K8s Agent Injector on OpenShift are now supported.
TERMINAL
$ helm install vault hashicorp/vault \
    --set "global.openshift=true" \
    --set "server.dev.enabled=true"
8. Replication
UI Improvements to create dashboards that are easy to read, easy to parse, and make problems easier to see and troubleshoot. We’re excited to share our redesigned dashboards with you.
9. Vault Monitor
Added a new “vault monitor” command, which lets users stream logs of a running Vault server.
TERMINAL
$ vault monitor -log-level=DEBUG
2020-07-16T22:13:39.352-0700 [INFO] core: restoring leases
2020-07-16T22:13:39.352-0700 [INFO] rollback: starting rollback manager
2020-07-16T22:13:39.352-0700 [INFO] identity: entities restored
2020-07-16T22:13:39.352-0700 [INFO] identity: groups restored
2020-07-16T22:13:39.352-0700 [INFO] expiration: lease restore complete
2020-07-16T22:13:39.352-0700 [INFO] core: post-unseal setup complete
2020-07-16T22:13:39.352-0700 [INFO] core: vault is unsealed
2020-07-16T22:13:39.359-0700 [INFO] core: successful mount: namespace= path=secret/ type=kv
2020-07-16T22:13:39.368-0700 [INFO] secrets.kv.kv_60d685c9: collecting keys to upgrade
...
10. Password Policies
Password policies are used in some secret engines to allow users to define how passwords are generated for dynamic & static users within those engines.
CODE EDITOR
length = 20
rule "charset" {
  charset = "abcdefghijklmnopqrstuvwxyz"
  min-chars = 1
}
rule "charset" {
  charset = "0123456789"
  min-chars = 1
}
rule "charset" {
  charset = "!@#$%^&*"
  min-chars = 1
}
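A simplified model of how a policy like the one on this slide can be enforced, added here as an example (it is not Vault's code and not from the webinar): candidates are drawn from the union of the charsets with a CSPRNG and rejected until every min-chars rule holds. The dictionary layout and the names `POLICY`, `satisfies` and `generate` are assumptions made for this example.

```python
import secrets

# The policy from the slide, written as plain data (HCL parsing is left out;
# this layout is an assumption of the example, not a Vault format).
POLICY = {
    "length": 20,
    "rules": [
        {"charset": "abcdefghijklmnopqrstuvwxyz", "min_chars": 1},
        {"charset": "0123456789", "min_chars": 1},
        {"charset": "!@#$%^&*", "min_chars": 1},
    ],
}


def satisfies(password, policy):
    """True if the password has the exact length, uses only characters from
    the policy's charsets, and meets every min-chars rule."""
    allowed = set("".join(r["charset"] for r in policy["rules"]))
    if len(password) != policy["length"] or not set(password) <= allowed:
        return False
    return all(
        sum(ch in rule["charset"] for ch in password) >= rule["min_chars"]
        for rule in policy["rules"]
    )


def generate(policy, max_attempts=1000):
    """Draw candidates uniformly from the union of all charsets with a CSPRNG
    and return the first one that passes every rule (rejection sampling)."""
    alphabet = sorted(set("".join(r["charset"] for r in policy["rules"])))
    for _ in range(max_attempts):
        candidate = "".join(
            secrets.choice(alphabet) for _ in range(policy["length"])
        )
        if satisfies(candidate, policy):
            return candidate
    # Reached only when the rules cannot realistically be met, for example
    # when the min-chars values add up to more than the length.
    raise ValueError("policy could not be satisfied")


if __name__ == "__main__":
    print(generate(POLICY))
```

Rejecting whole candidates, rather than forcing one character from each charset into fixed positions, keeps every accepted password equally likely among those that satisfy the policy.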