10. Vault Basic Workflow
Diagram showing a client (human or service) retrieving a static secret
Common questions:
• Where are secrets stored? Vault supports a variety of storage backends, such as disk, database, S3, and Consul.
• How are secrets encrypted? Vault uses the 256-bit Advanced Encryption Standard (AES) cipher in Galois/Counter Mode (GCM) with 96-bit nonces.
• What auth methods are supported? Active Directory, Gmail, GitHub, AWS, Azure, Kubernetes JWT, and more.
• What types of secrets are supported? Static, dynamic, PKI (TLS certificates), database, encryption keys, and more.
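To make the "How are secrets encrypted?" answer concrete, here is an added Go example (not Vault's own code) of the construction the slide names: AES-256 in GCM mode with a random 96-bit nonce stored in front of the ciphertext, and a decrypt routine that rejects any tampered blob or wrong key via the GCM tag. The key and the plaintext are constructed for the demo; Vault derives its real encryption key from its unseal process, which this example does not model.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Seal encrypts plaintext with AES-256-GCM under key (32 bytes), using a fresh
// random 96-bit nonce, and returns nonce || ciphertext || 128-bit GCM tag.
// A nonce must never repeat under the same key, so one is drawn from crypto/rand
// on every call and stored alongside the ciphertext for Open to find.
func Seal(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // standard GCM: 12-byte (96-bit) nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce slice, so the nonce travels with the data.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. Any modification of the nonce, ciphertext or tag, or use
// of the wrong key, fails tag verification and returns an error, never data.
func Open(key, sealed []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed blob too short to contain nonce and tag")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	key := make([]byte, 32) // constructed demo key, not how Vault obtains its key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, err := Seal(key, []byte("db-password=constructed-demo"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d bytes (12 nonce + payload + 16 tag)\n", len(sealed))
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	if _, err := Open(key, sealed); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}
}
```

The point to take from the tamper check at the end is that GCM is authenticated encryption: a storage backend that can read the sealed bytes can neither decrypt them nor modify them undetected, which is why the storage layer (disk, database, S3, Consul) need not be trusted with plaintext.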
16. Case Study – Adobe / Vault
What
Leading software company for creative apps: Creative Cloud and Adobe Experience (analytics, ads).
Challenge
• Multiple secret management solutions
• How to accomplish secure introduction of services
• Large scale, distributed, multi-cloud
Why Vault?
• Easy REST API
• Highly available
• Centralized audit
Result
• Company-wide solution
• Ability to deploy short-lived, dynamic secrets
• Secure introduction with response wrapping
17. Case Study – Adobe / Vault
Reference: https://youtu.be/THlpkBioAWQ
Talk about what's happening in the world of infrastructure, where we are going through a transition that happens in our industry every 20 years: this time from one which is largely dedicated servers in a private datacenter to a pool of compute capacity available on demand. In simple terms, this is a shift from "static" infrastructure to "dynamic" infrastructure, which is the reality of cloud.
And while the first cloud provider was AWS, it is clear that it will be a multi-cloud world. Each of these platforms has its own key advantages, so it is inevitable that most G2K organizations will use more than one. This is not about moving applications around (since data gravity is a constraint) but rather creates a need for a common operating model across these distinct platforms that allows different teams to use the platform of their choice.
As has been the case in every prior infrastructure transition, the catalyst for this shift is a change in the TYPE of application being built today.
These new 'systems of engagement' (credit Geoffrey Moore), those applications built to engage customers and users, tend to (a) be very "spiky" in their usage characteristics (100K users at noon and 100 users at midnight) and (b) be under enormous pressure to be built quickly. Both of those characteristics make it inevitable that they will be on cloud.
However, invariably these new 'systems of engagement' must connect to 'systems of record' (e.g. the core database, the core mainframe system, etc.) on-premises, and so organizations end up in this hybrid world whether they like it or not.
http://wiki.p2pfoundation.net/Systems_of_Engagement
In the cloud model, Vault inserts itself into the middle of this flow and creates an intermediary step.