The cryptography and key management protecting HashiCorp Vault secrets is designed to stand up to concerted attacks from well-resourced, skilled adversaries. In an ideal world HashiCorp Vault is neither the first nor last line of defense against an adversary.

This is not the first time that Vault and Vault Enterprise have operated in environments subject to a data breach.

This is done for two reasons: so that Vault operators are not “locked in” to a particular storage or compute infrastructure, and ultimately to ensure that an adversary who compromises Vault’s storage infrastructure does not gain access to Vault’s secrets or its sensitive configuration data.

But today and tomorrow, our goal remains the same: the data in Vault is protected with encryption to maintain perfect forward secrecy as much as technologically possible.
