Wednesday, January 30, 2019

Secrets Management: Using Vault for Accessing the Cloud Infrastructure

Introduction

In the current IT world there is a growing need for secured connectivity and for private objects that must be accessible only to a limited set of applications or services. This discipline is called "Secrets Management." Many tools on the market cater to this need; some are built into a cloud platform or runtime, such as AWS Secrets Manager or Docker Secrets, and others are standalone, such as HashiCorp Vault. In this post we will discuss managing secrets with HashiCorp Vault. Vault exposes many features for implementing and securing application authentication and authorization.

We will discuss how Vault can generate dynamic secrets from AWS IAM policies and deliver them to an application through API calls. The advantage of dynamic secrets is that they are generated only when they are accessed: a dynamic secret does not exist until it is read, so there is no risk of someone stealing it beforehand or of another client using the same secret. Because Vault has built-in revocation mechanisms, a dynamic secret can be revoked immediately after use, minimizing the time it exists.
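As an added example that is not part of the original post or of Vault's own code, the following Python script drives the flow just described through Vault's HTTP API using only the standard library: it mounts the AWS secrets engine with short lease TTLs, defines a role bound to a constructed least-privilege IAM policy, reads a credential from aws/creds/<role>, and revokes its lease as soon as the work is done. It assumes VAULT_ADDR and VAULT_TOKEN are set in the environment and that the engine's own AWS access (aws/config/root) has already been configured; the role name s3-readonly and the bucket name are placeholders.

```python
import json
import os
import urllib.request

VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
VAULT_TOKEN = os.environ.get("VAULT_TOKEN", "")
ROLE = "s3-readonly"  # constructed role name for this example

# Constructed least-privilege IAM policy carried by every credential minted for ROLE.
IAM_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]}

def vault_request(method, path, body=None):
    """Build an authenticated request against Vault's HTTP API (nothing is sent yet)."""
    data = None if body is None else json.dumps(body).encode()
    return urllib.request.Request(
        f"{VAULT_ADDR}/v1/{path}", data=data, method=method,
        headers={"X-Vault-Token": VAULT_TOKEN, "Content-Type": "application/json"})

def send(req):
    """Perform the request and decode Vault's JSON reply (empty body -> {})."""
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}

def setup_requests():
    """One-time operator setup: mount the AWS engine with short lease TTLs, then
    define a role whose dynamic IAM users carry only IAM_POLICY.  Assumes the
    engine's own AWS access (aws/config/root) has already been configured."""
    return [
        vault_request("POST", "sys/mounts/aws", {"type": "aws", "config": {
            "default_lease_ttl": "15m", "max_lease_ttl": "1h"}}),
        vault_request("POST", f"aws/roles/{ROLE}", {
            "credential_type": "iam_user", "policy_document": json.dumps(IAM_POLICY)}),
    ]

def parse_lease(reply):
    """Pull the lease id, TTL (seconds) and AWS key pair out of an aws/creds reply."""
    return {"lease_id": reply["lease_id"], "ttl": reply["lease_duration"],
            "access_key": reply["data"]["access_key"], "secret_key": reply["data"]["secret_key"]}

def with_dynamic_credentials(use, send=send):
    """Mint a credential, hand it to `use`, and revoke the lease afterwards even if
    `use` fails, so the IAM user exists only for as long as the work takes."""
    lease = parse_lease(send(vault_request("GET", f"aws/creds/{ROLE}")))
    try:
        return use(lease["access_key"], lease["secret_key"])
    finally:
        send(vault_request("PUT", "sys/leases/revoke", {"lease_id": lease["lease_id"]}))
```

To run it against a live Vault, call `send(r)` for each request in `setup_requests()` once, then wrap each unit of AWS work in `with_dynamic_credentials`.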



from DZone.com Feed http://bit.ly/2FYqWxH
