Certificate and Secrets Management with HashiCorp Vault and Keyfactor

Video Statistics and Information

Captions
Hey everyone, this is Ryan Yackel with Keyfactor, and today we're gonna talk about certificate management and also secrets management with HashiCorp Vault. As a quick overview of HashiCorp Vault, the reason why developers and engineering teams are loving it so much is its ability to store and issue dynamic secrets at a rapid pace in their DevOps environment. So any time we talk about secrets, it's usually revolving around things like passwords and tokens and DB credentials, things like that, but they also involve X.509 certificates, or digital certificates. That kind of complicates things a little bit, because that involves a root of trust that needs to be established for those certificates.

So the way this works is Vault actually has an onboard PKI secrets engine that comes with it, right? And the way this works is, if I'm a developer and, let's say, I'm building a container, or using containers rather, let's say with Kubernetes, or I'm interacting with a web application, right, all these different things, microservices, all these different things involve TLS encryption, right? So what I'm going to need to do is, every time that I'm interacting with these, I'm going to need to issue what's called a CSR, which is a certificate signing request, and then Vault is going to pass back that X.509 certificate at a rapid pace and also in a dynamic fashion. So this is great for developers. They love this stuff, right, because they can get it at a super high volume and they can keep moving in the containerization and multi-cloud world that they live in, right? The other thing they love about it too is that this whole CSR process used to be manual when it involved the security team, but now it's automatic. It happens in an immediate fashion, right?

The thing that we hear from customers, though, is that since you're issuing all these certificates, right, the security teams are going to start asking questions around: Where are all these certificates that are being issued out into my production environment? Who issued these certificates? Where did they come from? What's the expiration on the certificates, even if they're short-lived? All these things are coming out around certificates, and the security team is going to need to know that. And it comes back to two areas that they're really concerned about, which is the visibility of the certificates, but also: am I going to trust those certificates, are they issued from a root of trust?

So the way Keyfactor comes in and solves that is actually to take what we call our secrets engine, with which we actually replace the onboard PKI secrets engine that HashiCorp has. What's great about this engine is that we can replace this and not interrupt anything that goes on with development. This is a big thing, because what development doesn't want to do, right, is they don't want to have to change anything on their configuration on the client side, right? So none of this has to happen, because what we were able to do is, when we deploy an invisible PKI engine, what this allows you to do is use the same commands and use the same API, the same interface you're using with that PKI secrets engine. We use that same thing. So actually, when a developer asks for a CSR, right, they're not even going to need to know that this is all communicating with the PKI back end of Keyfactor, right?

So with Keyfactor, all this comes through, the CSR comes through, right, then we're able to establish that X.509 back to the development team immediately. No issues there, no lag time at all. And what you're able to get in here is, like we talked about, reporting, so the security team's gonna be happy with all the different things going on here, and more policy control, because I can establish PKI practices. And what we're also able to do is connect this with a root of trust, whether it's a public CA, right, or it could be a private CA as well, whether it's Microsoft, a public CA, DigiCert.

But also what we have is a PKI as a service. So, security teams and development teams, if this PKI part of your business is something that's very complex, and as we know as experts in PKI, it is complex, if you need to switch to more of a PKI-as-a-service model, we can actually take this and take away all the headache that goes on with all the processes involved with PKI, so you're not having to deal with any of that on the security side but also the dev side. So that really makes us stand out in that space, being able to provide a PKI as a service, where no other competitor really offers that in our space.

And we're also able to scale at the speed the certificates are being issued, right? So we talked about all these short-lived certificates being issued from HashiCorp. It's gonna be an extreme amount of volume that happens there. You need a system that scales with that. We're able to scale across, you know, 550 million certificates plus in these types of complex environments.

So that's, at a high level, kind of how we go from security basically questioning and not knowing what's going on in the organization to being okay with it, and also how to keep dev moving as fast as they can without interrupting them. So thanks for watching this video, and we hope to talk to you more about HashiCorp and Keyfactor later on.
Info
Channel: Keyfactor
Views: 1,865
Keywords: Keyfactor, Hashicorp vault, hashicorp, hashicorp demo, keyfactor demo, certificate management, secrets management, public key infrastructure, pki, digital certificate management, devops, devops tutorial, pki operations, infosec, cybersecurity, cloud pki, managed pki, pkiaas, pki as a service, Ryan Yackel
Id: BRNMU1EoaTw
Length: 5min 45sec (345 seconds)
Published: Wed Jun 10 2020