As organizations embrace a microservices architecture, cloud security and compliance remain a focus. That’s why Flux7 helps organizations quickly implement HashiCorp Vault and start taking advantage of its interface to static secrets stored in encrypted form, as well as dynamic secrets issued under tight security controls.
Secrets such as tokens, passwords, certificates, API keys, and confidential data are often the keys to your company’s most valuable assets. HashiCorp’s Vault secures, stores, and tightly controls access to these and other secrets in modern computing, handling leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.
As a HashiCorp consulting partner, Flux7 helps organizations establish a framework for repeatable deployments of a Vault secret store on top of existing infrastructure, or as part of infrastructure solutions we design and create for you. We’ll rapidly:
Create a best practices-based configuration management playbook to install and configure Vault in a highly-available, redundant fashion.
Create a configuration management playbook to install and configure HashiCorp Consul, a secure data store with dynamic API token generation capabilities, as a backend to Vault. Flux7 Consul deployments are horizontally scalable, highly available, and span AWS availability zones.
Establish a backup service to back up the data stored in Consul.
Create the ELB, ECS cluster, and other infrastructure required for Vault and Consul in your VPC.
Additional customizations include:
Integrating the secret manager with your existing LDAP/AD
Modifying application(s) to connect to the secret manager or creating supporting scripts to mount as config files
Best Practice Based
Flux7 aims to create best practice-based, secure infrastructure. Vault secret management is a solution of choice as we build new environments using Security by Design principles, which call for a proactive approach to security control by building it in throughout the AWS IT management process. Building secret management in from the beginning reduces the errors and risk that come with manual management.
In addition, our Vault installation services reinforce security best practices:
Separation of Control: Unlike manual, distributed credential management, Vault does not allow the developers who write code to also be the people with password access.
Least Privilege: By automating secret management from day one, organizations can effectively establish least privilege — the minimum level of permissions needed to still perform a task with its desired outcome — by querying Vault for least-privilege AWS credentials.
Detailed Logs: Vault creates a detailed audit log that tracks the use of dynamic passwords, recording when a password was used, how long the user was in the server, who used the password, for which application, and more.