2. Agenda
1. What is HashiCorp Vault?
2. Vault Use Cases
3. Vault Connector and Vault Properties Provider
4. Best Practices
5. Audit Logs
6. Vault Enterprise
7. Demo
AVIOCONSULTING.COM 2
4. What is HashiCorp Vault?
A tool for securely storing and accessing secrets.
• Provides:
  • Centralized secret storage
  • Encryption of secrets at rest and in transit
  • Audit trail of access to secrets
  • Fine-grained access controls
  • Encryption as a service
  • Identity Based Authentication
6. Vault Use Cases: Secrets Management
● Multiple Secrets Engines are available
● Dynamic Secrets - Cloud Providers, DB, etc.
  ● Ephemeral
  ● Unique
7. Vault Use Cases: Data Encryption
• Data is sent to Vault for encryption/decryption
• Encryption keys can be rotated
9. Vault Connector and Vault Properties Provider: Connections
• Allow applications to connect to Vault, authenticating via:
  • Token
  • TLS Certificate
  • AWS Identity Document
  • AWS Instance Metadata
  • AWS IAM
10. Vault Connector and Vault Properties Provider: Accessing Secrets
• Vault Connector
  • Read Secrets
  • Write Secrets
  • Encryption as a Service
• Vault Properties Provider
  • Read Secrets
  • Properties are read from Vault when the application starts
12. Best Practices
• Deploy Clustered, using Consul backend
14. Best Practices
• Vault Reference Architecture: https://learn.hashicorp.com/vault/operations/ops-reference-architecture
• Production Hardening Guide: https://learn.hashicorp.com/vault/operations/production-hardening
18. Audit Logs
• Logging Options
  • File
  • Syslog
  • Socket (TCP, UDP, UNIX)
• Logging Operation
  • Logs guaranteed to be written before response is sent
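As an added example that is not part of the original deck: a Python pass over Vault audit-device entries (constructed sample lines in the one-JSON-object-per-line shape the file, syslog and socket devices emit) that reads the outcome from each response entry, counts permission-denied responses per client, flags writes to privileged paths (the prefix list is an assumption) and checks that logged secret values carry Vault's HMAC rather than plaintext.

```python
"""Detection pass over HashiCorp Vault audit-device output (added example).
Vault logs one JSON object per line to each audit device (file, syslog or
socket) and answers the client only after the entry is written, so each
request has a response entry carrying the outcome. Lines below are
constructed samples in that shape, not captured from a real cluster."""
import json
from collections import Counter

SAMPLE_AUDIT_LOG = """\
{"type":"request","auth":{"display_name":"approle-mule","policies":["default","mule-app"]},"request":{"id":"r1","operation":"read","path":"secret/data/mule/db","remote_address":"10.0.1.5"}}
{"type":"response","auth":{"display_name":"approle-mule","policies":["default","mule-app"]},"request":{"id":"r1","operation":"read","path":"secret/data/mule/db","remote_address":"10.0.1.5"},"response":{"data":{"data":{"password":"hmac-sha256:ab12cd34"}}}}
{"type":"request","auth":{"display_name":"token","policies":["default"]},"request":{"id":"r2","operation":"update","path":"sys/policies/acl/admin","remote_address":"203.0.113.9"}}
{"type":"response","auth":{"display_name":"token","policies":["default"]},"request":{"id":"r2","operation":"update","path":"sys/policies/acl/admin","remote_address":"203.0.113.9"},"error":"1 error occurred:\\n\\t* permission denied\\n\\n"}
{"type":"request","auth":{"display_name":"token","policies":["default"]},"request":{"id":"r3","operation":"read","path":"sys/policies/acl/admin","remote_address":"203.0.113.9"}}
{"type":"response","auth":{"display_name":"token","policies":["default"]},"request":{"id":"r3","operation":"read","path":"sys/policies/acl/admin","remote_address":"203.0.113.9"},"error":"1 error occurred:\\n\\t* permission denied\\n\\n"}
"""

# Writes under these paths change who may do what in Vault (assumed list, tune it).
PRIVILEGED_PREFIXES = ("sys/policies/", "sys/auth/", "sys/mounts/", "auth/")

def parse_audit_log(text):
    """One dict per non-empty line; each audit line is a complete JSON entry."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def leaves(value):
    """All string leaves of nested dicts/lists, used to check HMAC'd values."""
    if isinstance(value, dict):
        return [s for v in value.values() for s in leaves(v)]
    if isinstance(value, list):
        return [s for v in value for s in leaves(v)]
    return [value] if isinstance(value, str) else []

def review_audit_entries(entries, denied_threshold=2):
    """Flag privileged writes, repeated permission-denied responses and any
    response data that reached the audit log without Vault's HMAC."""
    denied, findings = Counter(), []
    for e in entries:
        if e.get("type") != "response":  # only responses carry the outcome
            continue
        req = e["request"]
        who = f"{e['auth']['display_name']}@{req['remote_address']}"
        was_denied = "permission denied" in e.get("error", "")
        denied[who] += was_denied
        if req["operation"] in ("create", "update", "delete") and req["path"].startswith(PRIVILEGED_PREFIXES):
            findings.append(f"privileged {req['operation']} on {req['path']} by {who} denied={was_denied}")
        for s in leaves(e.get("response", {}).get("data", {})):
            if not s.startswith("hmac-sha256:"):  # would mean a non-HMAC audit key was configured
                findings.append(f"non-HMAC value logged for {req['path']}")
    findings += [f"{n} permission-denied responses for {w}" for w, n in denied.items() if n >= denied_threshold]
    return findings
```

Because Vault writes the entry before replying, a denied request that the client never saw succeed is still on record; the same pass works on a file device's output or on lines collected from the syslog or socket device.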
20. Vault Enterprise: Enterprise Platform
Multi-Datacenter and Scale
● Disaster Recovery
● Namespaces
● Performance Replication
● Replication Filters
● Read Replicas
● Path Filters
Governance and Policy
● Control Groups
● HSM Support
● Multi-Factor Authentication
● Sentinel Integration
● FIPS 140-2
● Entropy Augmentation
Advanced Data Protection
● KMIP
● Transform
22. Transform Secrets Engine (Vault 1.4)
• Format Preserving Encryption
  • Two-way (FF3-1)
  • Encrypt credit card numbers, Social Security numbers, and others while preserving the format
  • e.g. 1234-1432-1342-2431 → 6423-3456-1234-7786
• Data Masking
  • One-way
  • e.g. 523-34-7512 → ###-##-7512
23. New Features in Vault 1.4
• Integrated Storage
• Vault Helm Chart
• OpenLDAP Secrets Engine
• Kerberos Auth Method
• NetApp Enterprise Key Management Support (Enterprise)
• Improved Disaster Recovery (DR) Workflow (Enterprise)