Introduction to Hashicorp Vault
HashiCorp Vault is an identity-based management system for secrets such as certificates, passwords and encryption keys. Access to Vault's services is protected through authentication and authorization.
Features of HashiCorp Vault
Below are the key features of HashiCorp Vault:
- Secured secrets: Secrets can be stored in Vault as key/value pairs. Vault encrypts the secrets before storing them.
- Secret generation: Vault has APIs that integrate with other systems, so it can generate secrets on demand for applications, for example credentials for accessing AWS or a SQL database.
- Secret expiry and renewal: Secrets in Vault have expiry dates. Clients can extend them using built-in APIs, and secrets can also be set up to renew automatically.
- Secret revocation: Vault can revoke secrets to prevent security attacks.
- Available as open source, Enterprise and cloud-hosted versions.
How does Vault work
Here is how Vault works:
- Authentication: Users and applications that want to access Vault are authenticated using one of the supported methods, such as username/password, RoleID and SecretID, a TLS certificate, or a trusted third-party authentication provider.
- Authorization against policies and token generation: The authenticated client is matched against the policies. A token is generated and linked to the policies the client has access to, and that token is returned to the client in the response. The token has a validity period.
- Client accessing secrets: The client calls Vault with the provided token and the path of the secret. Vault checks the token's policies against that secret path and, if access is granted, returns the key/value pairs stored at the path.
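The three steps above, as a small added example that is not Vault's own code: a simplified model of a userpass login issuing a time-limited token bound to policies, followed by Vault-style path matching of that token against secret paths (trailing `*` glob, `+` single segment, most specific rule wins, `deny` overrides). The users and policies are constructed for the example.

```python
"""Simplified model of Vault's flow: authenticate -> token bound to policies
-> capability check on a secret path. Constructed teaching code, not Vault's
implementation; policy syntax follows Vault's documented matching rules."""
import secrets
import time
from dataclasses import dataclass
POLICIES = {  # policy name -> [(path pattern, capabilities)]; constructed
    "app-read": [("secret/data/app/*", {"read", "list"}),
                 ("secret/data/app/prod-db", {"deny"})],
    "team-write": [("secret/data/+/config", {"create", "update", "read"})],
}
USERS = {"alice": ("s3cret", ["app-read", "team-write"])}  # constructed
@dataclass
class Token:
    id: str
    policies: list
    expires_at: float  # the token's validity period
def authenticate(user, password, ttl_s=3600):
    """Stand-in for a userpass auth method: verify the credentials, then
    issue a token whose policies come from the user's mapping."""
    stored, policies = USERS.get(user, (None, []))
    if stored is None or not secrets.compare_digest(stored, password):
        raise PermissionError("authentication failed")
    return Token("hvs." + secrets.token_hex(8), policies, time.time() + ttl_s)
def _matches(pattern, path):
    """Vault-style path match: trailing '*' is a glob, '+' is one segment."""
    pat, segs = pattern.split("/"), path.split("/")
    glob = pat[-1].endswith("*")
    if glob:
        pat[-1] = pat[-1][:-1]
    if len(segs) < len(pat) or (not glob and len(segs) != len(pat)):
        return False
    if any(p not in ("+", s) for p, s in zip(pat[:-1], segs)):
        return False
    last_p, last_s = pat[-1], segs[len(pat) - 1]
    return last_s.startswith(last_p) if glob else last_p in ("+", last_s)
def check_access(token, path, capability, now=None):
    """Most specific matching rule wins (exact over glob, then longest);
    rules of equal specificity merge; any 'deny' overrides the rest."""
    if (time.time() if now is None else now) >= token.expires_at:
        return False  # expired token: rejected before any policy check
    best, caps = None, set()
    for name in token.policies:
        for pattern, c in POLICIES.get(name, []):
            if not _matches(pattern, path):
                continue
            rank = (not pattern.endswith("*"), len(pattern))
            if best is None or rank > best:
                best, caps = rank, set(c)
            elif rank == best:
                caps |= c
    return "deny" not in caps and capability in caps
```

Note that the exact `prod-db` rule carrying `deny` beats the broader glob that would otherwise allow reads, which is the behaviour to rely on when carving exceptions out of wide policies.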