7.
PASSING SECRETS IS NOT THE ONLY CHALLENGE…
Controlling who can access a secret
Monitoring secret usage
Rotating secret values
De-provisioning a secret
9.
WHY HASHICORP VAULT?
Purpose built for secrets
Key Rolling
Comprehensive access control
Expiration policies
Extendable
Easy to integrate
10.
CASE STUDY: AQUA SECURITY INTEGRATION WITH HASHICORP VAULT
Solution Highlights
Central management
Secrets are never persisted to disk outside of Vault
Secured communications
Diagram: Command Center, Host 1, Host 2, Hashicorp Vault
11.
SECRETS ARE INJECTED INTO CONTAINERS
Through environment variables
Or a tmpfs-mounted volume
14.
SECRET ROTATION & REVOCATION
Container secrets can be updated at runtime
No need to restart the container
Deleting a secret removes it from all running containers
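Slides 11 and 14 together imply a design point for the workload side: a secret injected as a file on a tmpfs mount can be rotated or revoked while the container runs, but only if the application reads it at use time instead of caching it, and an environment variable is fixed for the life of the process. The following is an added illustration, not Aqua's or Vault's code; the `/run/secrets`-style mount is stood in for by a temporary directory, and the `db_password` name and values are constructed.

```python
"""Consuming an injected secret so that rotation and revocation take effect
without restarting the container (constructed example, not Aqua/Vault code)."""
import os
import tempfile
from pathlib import Path
from typing import Optional


class FileSecret:
    """Secret delivered as a file on a tmpfs-style mount.

    The value is read on every call and never cached, so a rewritten file is
    seen on the next use and a deleted file is treated as a revoked secret.
    """

    def __init__(self, path: os.PathLike) -> None:
        self.path = Path(path)

    def get(self) -> Optional[str]:
        try:
            return self.path.read_text().strip()
        except FileNotFoundError:
            return None  # revoked: the secret was removed from the mount


class EnvSecret:
    """Secret delivered as an environment variable, shown for contrast:
    the process environment is fixed at start, so a new value needs a restart."""

    def __init__(self, name: str) -> None:
        self.name = name

    def get(self) -> Optional[str]:
        return os.environ.get(self.name)


def demo() -> dict:
    """Simulate inject -> rotate -> revoke against a temp dir standing in for tmpfs."""
    mount = Path(tempfile.mkdtemp(prefix="secrets-"))  # constructed stand-in mount
    secret_file = mount / "db_password"                 # constructed secret name
    secret_file.write_text("initial-value\n")           # injection
    secret = FileSecret(secret_file)
    seen = {"injected": secret.get()}
    secret_file.write_text("rotated-value\n")           # rotation, no restart
    seen["after_rotation"] = secret.get()
    secret_file.unlink()                                # revocation: file removed
    seen["after_revocation"] = secret.get()
    mount.rmdir()
    return seen


if __name__ == "__main__":
    print(demo())
```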