Secret Management using Vault

Scenario:

        An application depends on many resources in order to function properly, such as databases, third-party APIs, storage, monitoring tools, etc. It uses secrets to access and authenticate itself to these resources. These secrets are confidential tokens that have to be kept secure and yet passed on to the application. But how do we do that?

Traditional Approach:

        The most common way to store secrets is in config/.env files. These files are attached to the application's codebase, and we maintain a separate config/.env file for every application environment, i.e. Dev, QA, Prod, etc.

Flaws in this approach:

This is where VAULT comes in ...

Vault:

        Vault is a tool designed to store and access an application's sensitive data securely. It helps us build a centralised secret management service. Vault can generate secrets, encrypt data, limit access to the stored data and revoke that access when it is no longer needed. It also solves the problem of tracking who accessed or modified a secret, via its audit logs.
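To make the contrast between the two approaches concrete, here is an added example (my own illustration, not code from the original post or from HashiCorp): a small Python client that reads a secret from Vault's KV version 2 secrets engine over the HTTP API (GET /v1/<mount>/data/<path> with the X-Vault-Token header), next to a parser for the traditional .env file. The Vault address, token, mount and secret path are constructed placeholder values, and a fake in-memory "Vault" is used so the script runs offline; the HTTP status handling (403 for a token whose policy does not permit the read, 404 for a missing secret) follows the real API.

```python
"""Reading a secret from Vault KV v2 versus loading it from a .env file.

Added illustration, not from the original post.  VAULT_ADDR, the token and
the secret path below are constructed placeholders.
"""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

# --- Traditional approach: secrets live in a .env file beside the code ----

def load_dotenv_text(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; blank lines and # comments are ignored."""
    secrets: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        secrets[key.strip()] = value.strip().strip('"').strip("'")
    return secrets

# --- Vault approach: secrets fetched at runtime with a policy-scoped token --

class VaultError(Exception):
    """Raised when Vault refuses or cannot serve the request."""

# A fetcher takes (url, headers) and returns (http_status, response_body).
Fetcher = Callable[[str, Dict[str, str]], Tuple[int, str]]

def http_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Real transport: plain urllib against a running Vault server."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def read_kv_secret(addr: str, token: str, mount: str, path: str,
                   fetch: Fetcher = http_fetch) -> Tuple[Dict[str, str], int]:
    """Read the latest version of a KV v2 secret.

    Returns (secret_data, version).  Vault answers 403 when the token's
    policy does not grant read on the path and 404 when nothing is stored.
    """
    url = f"{addr.rstrip('/')}/v1/{mount}/data/{path.lstrip('/')}"
    status, body = fetch(url, {"X-Vault-Token": token})
    if status == 403:
        raise VaultError(f"permission denied reading {mount}/{path}")
    if status == 404:
        raise VaultError(f"no secret at {mount}/{path}")
    if status != 200:
        raise VaultError(f"unexpected status {status}: {body}")
    payload = json.loads(body)
    return payload["data"]["data"], payload["data"]["metadata"]["version"]

# --- Constructed offline stand-in for a Vault server (for demonstration) ---

GOOD_TOKEN = "hvs.constructed-token-with-read-policy"   # placeholder
SECRET_PATH = "myapp/db"                                 # placeholder

def fake_vault(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Mimics KV v2 responses for one stored secret and one read-only token."""
    if headers.get("X-Vault-Token") != GOOD_TOKEN:
        return 403, json.dumps({"errors": ["permission denied"]})
    if url.endswith(f"/v1/secret/data/{SECRET_PATH}"):
        doc = {"data": {"data": {"username": "app", "password": "s3cr3t"},
                        "metadata": {"version": 3}}}
        return 200, json.dumps(doc)
    return 404, json.dumps({"errors": []})

def demo() -> Dict[str, object]:
    """Run both approaches against constructed input and report the outcome."""
    env_secrets = load_dotenv_text("# constructed .env\nDB_USER=app\nDB_PASS='s3cr3t'\n")
    data, version = read_kv_secret("http://127.0.0.1:8200", GOOD_TOKEN,
                                   "secret", SECRET_PATH, fetch=fake_vault)
    try:
        read_kv_secret("http://127.0.0.1:8200", "hvs.wrong", "secret",
                       SECRET_PATH, fetch=fake_vault)
        denied = False
    except VaultError:
        denied = True
    return {"env": env_secrets, "vault": data, "version": version,
            "bad_token_denied": denied}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the contrast is where the trust boundary sits: the .env parser will hand over whatever is in the file to anyone who can read it, whereas every Vault read is tied to a token whose policy decides the answer, and the request itself is what ends up in the audit log.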

Use Cases:

It is built mainly to focus on the:

Key Features of Vault:

Vault Architecture:

Vault Architecture diagram

References: