0% found this document useful (0 votes)

5 views

19-Vault

Uploaded by

20nm440

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

5 views

19-Vault

Uploaded by

20nm440

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 22

Mehdi LARUELLE Be secret like a ninja with

@D2SI Hashicorp Vault

Whoami ?
D2SI Me

Mehdi LARUELLE
Cloud & Automation
@mehdilaruelle
Github Access
Table of contents

1 Contextualization

2 How does Vault work ?

3 Steps to become a ninja

4 Demonstration
1 // Contextualization
Problem ?

Mail Code
Vault ? Why ?
2 // How does Vault work ?
Methods & Engines
Auth methods App
Users

● LDAP ● Approle (pipeline)

● RADIUS ● TLS Certificate
● OKTA ● Kubernetes
● JWT ● JWT / OIDC
● Github ● AliCloud / Azure / AWS
/ GCP
● LDAP
Methods & Engines
Secrets
engines

Dynamic Encryption as
Static secrets
secrets a Service

K/V Cloud Technology Others Transit

● Alicloud ● Active ● PKI

● AWS Directory ● SSH
● GCP ● Consul ● TOTP
● GCP KMS ● Database
● Azure ● Nomad
● RabbitMQ
3 // Steps to become a ninja
Steps to be a ninja

Put secrets in Make secrets Encrypt sensitive

Find secrets
Vault dynamics data
Steps to be a ninja

Put secrets in Make secrets Encrypt sensitive

Find secrets
Vault dynamics data
Approle
How is it working ?

1.
Se Send
cre
t ID

2. Auth with Approle

3. Get Token

end
S ID 4. Get secrets with Vault token
1. ole
R
Steps to be a ninja

Put secrets in Make secrets Encrypt sensitive

Find secrets
Vault dynamics data
Secret as a Service
1.Ask DB credentials

3.Get credentials

5.Ask to revoke credentials

ls
tia
n it
4.A to au

e de ve
cr ie
pp the

e retr
lica nt

ls
a t

tia
re and
tio icat

en
c
lt B
nu ei

ed
au D

cr
V
se nto

2. into

ke
cre DB

vo
Re
de

6.
nti
als
Steps to be a ninja

Put secrets in Make secrets

Find secrets Encrypt data
Vault dynamics
EaaS: Encryption as a Service
Application A Application B
1.Put raw data 5.Put encrypted data

2.Get encrypted data 6.Get decrypted data

3.
Pu
te ta
nc
ry da
pt ed
e pt
d ry
da
ta enc
et
G
4.
Demonstration
To infinity... and beyond!

Consul
service
mesh

envconsul
and / or
consul-
template

Vault Agent
Question ?

The last but not least

9700 Key Manager Application Manual
No ratings yet
9700 Key Manager Application Manual
13 pages
Secrets Management
No ratings yet
Secrets Management
19 pages
Hashicorp Vault
No ratings yet
Hashicorp Vault
12 pages
openshiftanwendertreffenvault
No ratings yet
openshiftanwendertreffenvault
58 pages
Dynamic Secrets Retrieval in Microsoft Azure App Service With HashiCorp Vault - by Andy Assareh - HashiCorp Solutions Engineering Blog - Medium
No ratings yet
Dynamic Secrets Retrieval in Microsoft Azure App Service With HashiCorp Vault - by Andy Assareh - HashiCorp Solutions Engineering Blog - Medium
8 pages
Whitepaper en
No ratings yet
Whitepaper en
36 pages
Hashicorp Vault
100% (1)
Hashicorp Vault
28 pages
Section 7: Vault Security Hardening
No ratings yet
Section 7: Vault Security Hardening
22 pages
Vault For Teenagers
No ratings yet
Vault For Teenagers
18 pages
02-PAS-Fundamentals-The Vault
No ratings yet
02-PAS-Fundamentals-The Vault
33 pages
whitepaper-en_Dashlane
No ratings yet
whitepaper-en_Dashlane
42 pages
Running HashiCorp Vault in Production (Dan McTeer, Bryan Krausen) (Z-Library)
100% (1)
Running HashiCorp Vault in Production (Dan McTeer, Bryan Krausen) (Z-Library)
276 pages
1password For Teams White Paper PDF
No ratings yet
1password For Teams White Paper PDF
81 pages
Azure Keyvault
No ratings yet
Azure Keyvault
5 pages
Vault Part 2 Concepts
100% (1)
Vault Part 2 Concepts
16 pages
Creating and Working With The ID Vault: Gabriella Davis The Turtle Partnership
No ratings yet
Creating and Working With The ID Vault: Gabriella Davis The Turtle Partnership
78 pages
Cyberark Vault Features
No ratings yet
Cyberark Vault Features
21 pages
Download Running HashiCorp Vault in Production 1st Edition Dan Mcteer ebook All Chapters PDF
100% (1)
Download Running HashiCorp Vault in Production 1st Edition Dan Mcteer ebook All Chapters PDF
37 pages
Vault Enduser Guide
No ratings yet
Vault Enduser Guide
10 pages
AZ 500T00A ENU Powerpoint 03
No ratings yet
AZ 500T00A ENU Powerpoint 03
74 pages
Azure Key Vault and Automated Deployment
No ratings yet
Azure Key Vault and Automated Deployment
37 pages
Lab 4_ Cloud Data Encryption Using Vault (Cloud Security)
No ratings yet
Lab 4_ Cloud Data Encryption Using Vault (Cloud Security)
3 pages
02-PAS-ADMIN EPV Administration
No ratings yet
02-PAS-ADMIN EPV Administration
58 pages
Module-3
No ratings yet
Module-3
143 pages
J-07-OCI Vaults-Transcript
No ratings yet
J-07-OCI Vaults-Transcript
5 pages
Azure Key Vault
No ratings yet
Azure Key Vault
6 pages
Azure Key Vault 2
No ratings yet
Azure Key Vault 2
7 pages
1password White Paper
No ratings yet
1password White Paper
100 pages
Sky Task (2732)
No ratings yet
Sky Task (2732)
11 pages
best-practices-guide-final
No ratings yet
best-practices-guide-final
23 pages
Vault Rancher
No ratings yet
Vault Rancher
36 pages
Azure security baseline for Key Vault 4
No ratings yet
Azure security baseline for Key Vault 4
15 pages
Topico 3
No ratings yet
Topico 3
62 pages
Azure Key Vault 3-1
No ratings yet
Azure Key Vault 3-1
3 pages
Azure Key Vault 3
No ratings yet
Azure Key Vault 3
3 pages
Vault Part 1 Internals
100% (1)
Vault Part 1 Internals
18 pages
CyberArk 02-PAS-ADMIN EPV Administration
100% (1)
CyberArk 02-PAS-ADMIN EPV Administration
59 pages
az204day4en1731002295718
No ratings yet
az204day4en1731002295718
71 pages
About - Azure Key Vault
No ratings yet
About - Azure Key Vault
253 pages
Metallic SaaS Backup - Security Whitepaper
No ratings yet
Metallic SaaS Backup - Security Whitepaper
6 pages
What Is Key Vault
No ratings yet
What Is Key Vault
3 pages
Presentation de Lencryptage Bout À Bout Avec NextCloud
No ratings yet
Presentation de Lencryptage Bout À Bout Avec NextCloud
24 pages
Security in Cloud Computing (Salmon Joy)
No ratings yet
Security in Cloud Computing (Salmon Joy)
22 pages
CyberArk Cookbook - Lesson 1a
100% (1)
CyberArk Cookbook - Lesson 1a
20 pages
Running HashiCorp Vault in Production 1st Edition Dan Mcteer download
No ratings yet
Running HashiCorp Vault in Production 1st Edition Dan Mcteer download
41 pages
Unit-3 Hadoop Environment
No ratings yet
Unit-3 Hadoop Environment
31 pages
Cloud Security: Timothy Brown
No ratings yet
Cloud Security: Timothy Brown
40 pages
Running HashiCorp Vault in Production 1st Edition Dan Mcteer download
100% (1)
Running HashiCorp Vault in Production 1st Edition Dan Mcteer download
71 pages
Cyberark Privilege Cloud Security Overview
No ratings yet
Cyberark Privilege Cloud Security Overview
4 pages
1password White Paper 0.4.5
No ratings yet
1password White Paper 0.4.5
106 pages
1password Security Design v0.3.1
No ratings yet
1password Security Design v0.3.1
89 pages
Vault Security
No ratings yet
Vault Security
18 pages
White Paper - Trust Nothing. Authenticate and Authorize Everything
No ratings yet
White Paper - Trust Nothing. Authenticate and Authorize Everything
8 pages
Introduction to Azure Key Vault
No ratings yet
Introduction to Azure Key Vault
8 pages
Implementing OAuth 2.0 With AWS API Gateway, Lambda, DynamoDB, and KMS - Part 1
No ratings yet
Implementing OAuth 2.0 With AWS API Gateway, Lambda, DynamoDB, and KMS - Part 1
15 pages
04 Microsoftazurefundamentalssecurity 1606403886308
No ratings yet
04 Microsoftazurefundamentalssecurity 1606403886308
23 pages
REST API Security Cheat Sheet - 1714665717010
No ratings yet
REST API Security Cheat Sheet - 1714665717010
16 pages
Keeper - Privacy Policy
No ratings yet
Keeper - Privacy Policy
9 pages
1password White Paper
No ratings yet
1password White Paper
111 pages
ZN17 ASapozhnikov Securing Clouds in GCP
No ratings yet
ZN17 ASapozhnikov Securing Clouds in GCP
28 pages
Gaming and NFTs: The Intersection of Crypto and Gaming for Investors.
From Everand
Gaming and NFTs: The Intersection of Crypto and Gaming for Investors.
DORIA MYERS
No ratings yet
Agenda Lashista Chicas Pesadas
100% (1)
Agenda Lashista Chicas Pesadas
100 pages
Unit 1 & 2 cyber law
No ratings yet
Unit 1 & 2 cyber law
8 pages
Cyber Crime
No ratings yet
Cyber Crime
32 pages
Smartphone Security Guidelines
No ratings yet
Smartphone Security Guidelines
15 pages
Cybersecurity Writing+Incident+Reports+-+Submission
100% (1)
Cybersecurity Writing+Incident+Reports+-+Submission
3 pages
Malith 204
No ratings yet
Malith 204
5 pages
MSN Messenger Protocol
No ratings yet
MSN Messenger Protocol
10 pages
Week 8 - Playing A CTF
No ratings yet
Week 8 - Playing A CTF
16 pages
EC-Council Certified SOC Analyst
No ratings yet
EC-Council Certified SOC Analyst
4 pages
Ddos Attack Handbook
No ratings yet
Ddos Attack Handbook
25 pages
Computerised Accounting System
No ratings yet
Computerised Accounting System
6 pages
Information Assistant and Security
No ratings yet
Information Assistant and Security
9 pages
Visual Cryptography
No ratings yet
Visual Cryptography
3 pages
Testing of Network Using Sophos Firewall With Layer Three Switch Through Dos Attacks
No ratings yet
Testing of Network Using Sophos Firewall With Layer Three Switch Through Dos Attacks
6 pages
CSC541 Fall2015 QuestionBank
No ratings yet
CSC541 Fall2015 QuestionBank
12 pages
Database And Application Security R Sarma Danturthi pdf download
100% (1)
Database And Application Security R Sarma Danturthi pdf download
79 pages
CybleVision For External Threat Intelligence V1
No ratings yet
CybleVision For External Threat Intelligence V1
8 pages
Chapter-1 data analysis for cyber security
No ratings yet
Chapter-1 data analysis for cyber security
30 pages
Unit - Iv
No ratings yet
Unit - Iv
115 pages
Hakin9 Wifi EN PDF
No ratings yet
Hakin9 Wifi EN PDF
14 pages
Guideline On Cybersecurity English
No ratings yet
Guideline On Cybersecurity English
10 pages
Test2RevisionQuestions
No ratings yet
Test2RevisionQuestions
23 pages
Software NGFW Credits Estimator - Palo Alto Networks
No ratings yet
Software NGFW Credits Estimator - Palo Alto Networks
2 pages
Seventh Edition, Global Edition by William Stallings
No ratings yet
Seventh Edition, Global Edition by William Stallings
42 pages
21HP-CyberSecurity-and-Forensics-Question-Bank-MID1
No ratings yet
21HP-CyberSecurity-and-Forensics-Question-Bank-MID1
1 page
Implementation_of_SOC_using_ELK_with_Integration_of_Wazuh_and_Dedicated_File_Integrity_Monitoring
No ratings yet
Implementation_of_SOC_using_ELK_with_Integration_of_Wazuh_and_Dedicated_File_Integrity_Monitoring
5 pages
Private Key
No ratings yet
Private Key
1 page
CSM Guideline v2.0 en
No ratings yet
CSM Guideline v2.0 en
39 pages
Different Types of Computer Viruses
No ratings yet
Different Types of Computer Viruses
3 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

19-Vault

Uploaded by

19-Vault

Uploaded by

Mehdi LARUELLE Be secret like a ninja with

@D2SI Hashicorp Vault

2 How does Vault work ?

3 Steps to become a ninja

● LDAP ● Approle (pipeline)

K/V Cloud Technology Others Transit

● Alicloud ● Active ● PKI

Put secrets in Make secrets Encrypt sensitive

Put secrets in Make secrets Encrypt sensitive

2. Auth with Approle

Put secrets in Make secrets Encrypt sensitive

5.Ask to revoke credentials

Put secrets in Make secrets

2.Get encrypted data 6.Get decrypted data

The last but not least

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.