Vault: Beyond secret storage - Using Vault to harden your infrastructure

18
1 BEYOND SECRET STORAGE Brett Mack @phpops Using Vault & The PKI Backend To Harden Your Infrastructure

Transcript of Vault: Beyond secret storage - Using Vault to harden your infrastructure

Page 1: Vault: Beyond secret storage - Using Vault to harden your infrastructure

1

BEYOND SECRET STORAGE

Brett Mack@phpops

Using Vault & The PKI Backend To Harden Your Infrastructure

Page 2: Vault: Beyond secret storage - Using Vault to harden your infrastructure

2

ABOUT ME

BRETT MACK

DevOps Consultant OpenCredo

Page 3: Vault: Beyond secret storage - Using Vault to harden your infrastructure

3

Agenda

• What is PKI • How can we achieve this with Vault • Brief Demo • Issues we encountered • Conclusion / Where we go from here

Page 4: Vault: Beyond secret storage - Using Vault to harden your infrastructure

4

What is PKI

Source: photobucket.com

Tell me whyTell me why, PKI?

http://photobucket.com
Page 5: Vault: Beyond secret storage - Using Vault to harden your infrastructure

5

Page 6: Vault: Beyond secret storage - Using Vault to harden your infrastructure

6

https://aphyr.com/tags/jepsen

https://aphyr.com/tags/jepsen
Page 7: Vault: Beyond secret storage - Using Vault to harden your infrastructure

7

http://twitter.com/swiftonsecurity

http://twitter.com/swiftonsecurity
Page 8: Vault: Beyond secret storage - Using Vault to harden your infrastructure

8

http://twitter.com/swiftonsecurity

http://twitter.com/swiftonsecurity
Page 9: Vault: Beyond secret storage - Using Vault to harden your infrastructure

9

What is PKI

A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data

over networks such as the Internet and verify the identity of the other party

Page 10: Vault: Beyond secret storage - Using Vault to harden your infrastructure

10

What is PKI

X.509

X.509v3 - PKIX

Page 11: Vault: Beyond secret storage - Using Vault to harden your infrastructure

11

What is PKI

Certificate

Page 12: Vault: Beyond secret storage - Using Vault to harden your infrastructure

12

What is PKI

Intermediate CA

Certificate

Page 13: Vault: Beyond secret storage - Using Vault to harden your infrastructure

13

What is PKI

ROOT CA

Intermediate CA

Certificate

Page 14: Vault: Beyond secret storage - Using Vault to harden your infrastructure

14

DEMO

Page 15: Vault: Beyond secret storage - Using Vault to harden your infrastructure

15

Issues

Page 16: Vault: Beyond secret storage - Using Vault to harden your infrastructure

16

Where to go from here

Content-Security-Policy

Public-Key-Pins

Strict-Transport-Security

Page 17: Vault: Beyond secret storage - Using Vault to harden your infrastructure

17

Page 18: Vault: Beyond secret storage - Using Vault to harden your infrastructure

18

We’re Hiring

https://opencredo.com

https://opencredo.com/blog

https://github.com/opencredo/vault-pki-demo

https://opencredo.com
https://opencredo.com/blog
https://github.com/opencredo/vault-pki-demo

Vault - GOTO ConferencePractical security Modern data center friendly VAULT FEATURES Secure secret storage (in-memory, Consul, file, postgres, and more) Dynamic secrets Leasing, renewal,

Vault - GOTO ConferencePractical security Modern data center friendly VAULT FEATURES Secure secret storage (in-memory, Consul, file, postgres, and more) Dynamic secrets Leasing, renewal,

The Secret Vault of the Queen of Thieves€¦ · 11), a secret entrance she discovered while reconnoitering the temple. She will pick the lock to the grate and climb up before proceeding

The Secret Vault of the Queen of Thieves€¦ · 11), a secret entrance she discovered while reconnoitering the temple. She will pick the lock to the grate and climb up before proceeding

Tips To Harden Tool Steels

Tips To Harden Tool Steels

4 Harden Ability

4 Harden Ability

JAMES Harden AND RUSSEL Westbrook

JAMES Harden AND RUSSEL Westbrook

symposium in blues - Keith Harden

symposium in blues - Keith Harden

talkin' blues by Keith Harden

talkin' blues by Keith Harden

EDUCATE AND INSPIRE YOUR CLASS - World of Coca-Cola€¦ · 1,200 artifacts Explore the myths and legends around the secret formula for Coca-Cola in the Vault of the Secret Formula

EDUCATE AND INSPIRE YOUR CLASS - World of Coca-Cola€¦ · 1,200 artifacts Explore the myths and legends around the secret formula for Coca-Cola in the Vault of the Secret Formula

October News - Harden Primary School

October News - Harden Primary School

Harden your Java Components !

Harden your Java Components !

Live Edge Table - Harden Furniture

Live Edge Table - Harden Furniture

AUTODESK VAULT BASIC, VAULT WORKGROUP, VAULT …

AUTODESK VAULT BASIC, VAULT WORKGROUP, VAULT …

Qualys Cloud Platform...Checkpoint Firewall. On the Login Credentials tab in the record choose A uthentication Vault, Vault Type Thycotic Secret Server, select your vault record and

Qualys Cloud Platform...Checkpoint Firewall. On the Login Credentials tab in the record choose A uthentication Vault, Vault Type Thycotic Secret Server, select your vault record and

Pulsonix Vault Evaluation Guide Vault... · 2019. 5. 23. · Pulsonix Tutorial 5 Chapter 2. Installing the Pulsonix Vault Installing the Pulsonix Vault To install the Pulson ix Vault,

Pulsonix Vault Evaluation Guide Vault... · 2019. 5. 23. · Pulsonix Tutorial 5 Chapter 2. Installing the Pulsonix Vault Installing the Pulsonix Vault To install the Pulson ix Vault,

Harden Middle School

Harden Middle School

Shay Fainberg Product Security and Anti-Fraud Outbrain · Secret Management} Passwords to ... Built-int cloud soutions: AWS KMS, Azure Key Vault} Free Alternative:} Vault Bonus -

Shay Fainberg Product Security and Anti-Fraud Outbrain · Secret Management} Passwords to ... Built-int cloud soutions: AWS KMS, Azure Key Vault} Free Alternative:} Vault Bonus -

Harden Ability

Harden Ability

Vault - Secret and Key Management

Vault - Secret and Key Management

madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Leaflet Harden-Veredelen UK

Leaflet Harden-Veredelen UK