Category: Database, Security, Data, Kubernetes, Hashicorp

OK I’ll admit: today’s cover photo is somehow related to the topic (unlike most computer science books, where the cover photo has nothing to do with the content), because we are talking about production-ready Kubernetes and AWS secret management, for security of course, and the photo above is Trausnitz Castle in the capital city of Lower Bavaria. Storing confidential information in a Kubernetes Secret is safer and more flexible than putting it verbatim in a Pod definition or baking it into a container image.

The verbatim approach is effectively compromised from the start, because anyone with read access to the Pod can describe it and read the environment variable values in plain text.

The good news is that when installing Vault in AWS you don’t even need to find 5 people to hold the split shares of the master key: Vault can be configured to use AWS KMS to unseal itself automatically, which makes the process simpler and removes the manual key-ceremony overhead.
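As an added illustration (not code from the original post), here is a minimal Vault server configuration that swaps the Shamir key-share ceremony for AWS KMS auto-unseal; the region, KMS key ID, TLS paths and addresses are assumed placeholders:

```hcl
# Vault server config (HCL). Without a "seal" stanza Vault defaults to
# Shamir key shares, and an operator must enter the threshold of shares
# by hand on every restart.
storage "raft" {
  path    = "/vault/data"          # assumed data path
  node_id = "vault-0"              # assumed node name
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/vault/tls/tls.crt"   # assumed cert location
  tls_key_file  = "/vault/tls/tls.key"   # assumed key location
}

# Auto-unseal: Vault wraps its root key with a customer-managed KMS key and
# unwraps it on startup via the node's IAM role, so no unseal shares and no
# static AWS credentials are needed in this file.
seal "awskms" {
  region     = "eu-central-1"                          # assumed region
  kms_key_id = "00000000-0000-0000-0000-000000000000"  # placeholder key ID
}

api_addr     = "https://vault.example.internal:8200"   # assumed
cluster_addr = "https://vault-0.vault-internal:8201"   # assumed
```

The IAM role attached to the Vault nodes needs kms:Encrypt, kms:Decrypt and kms:DescribeKey on that one key, and nothing broader. Note that `vault operator init` still prints recovery keys with auto-unseal enabled; keep those offline, since they are what you fall back on if the KMS key becomes unavailable.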

As a security tool, Vault requires you to authenticate before you can use it, and it supports multiple authentication methods, for example OpenID Connect (OIDC), AWS IAM auth and so on, so it fits whatever identity system you already have.
