Day Two Cloud 090: Hashicorp Vault For Beginners

Today’s Day Two Cloud is a deep, if impromptu, episode on Hashicorp Vault. Due to an unexpected schedule change, hosts Ethan Banks and Ned Bellavance had to come up with a topic on the fly. It turns out that Ned knows a thing or two about HashiCorp Vault, so hey presto! Please note this is an unsponsored show. What is HashiCorp Vault and why is it worth talking about? Well, if you’ve got secrets you need to keep (passwords, certificates, API keys, and so on), Vault is a management tool that stores and controls access to sensitive data. It can also be used to manage the lifecycle of credentials, and can encrypt and decrypt data as a service. Ned and Ethan discuss: * Major Vault use cases * How to create a production Vault environment * Simpler Vault builds for lab work * Vault storage options * Master keys and encryption keys * Managing the secrets that manage the secrets * Vault secrets engines * Authentication methods supported by Vault * Using Vault to generate temporary secrets * Secrets lifecycle management * Controlling access to secrets * Securely accessing Vault secrets from Python * Preventing Vault system failures * Recovering Vault if the worst happens For more in-depth training, see the links below to get Ned Bellavance’s PluralSight course Hashicorp Vault. Sponsor: CBT Nuggets CBT Nuggets is IT training for IT professionals and anyone looking to build IT skills. If you want to make fully operational your networking, security, cloud, automation, or DevOps battle station visit cbtnuggets.com/cloud. Show Links: Getting Started with HashiCorp Vault – PluralSight Managing HashiCorp Vault – PluralSight Hashicorp Certified Vault Associate: Getting Started – PluralSight Transcript: [00:00:26.070] Welcome to Day Two Cloud. This is a weird show because what just happened in the background that you never see is we had someone cancel due to a family emergency. And that happens, you know, that happens from time to time. But Ned and I were like, we have the slot saved on our calendars. Why don’t we just record something? [00:00:44.040] Well, OK, listeners, there’s something that I’ve been looking into is how to better manage secrets. So let me give you a scenario here. If I do a little bit of Python programing, because I’m doing, in my case, network automation or I’m hitting the Twitter API or something like that, I’ve got secrets, usernames and passwords and API keys and things that I don’t want anybody else to know, but my script needs to know. I had to pass that information into my script. [00:01:09.570] And so what I do these days is environment variables. I don’t want to code them in the script. I’m not that lame, but I will do environment variables where I’ll pass them through from the environment to the script. That’s OK. It’s still kind of sucks, though. [00:01:24.000] It doesn’t really manage them very well. I don’t like that. And so as I’ve dug around, I’ve come to learn there are various secrets, management tools, one of which HashiCorp Vault. That seems to be a pretty popular solution. [00:01:37.590] I’ve been meaning to dig into it.