Introduction of Vault

Last Updated : 06 Jan, 2020
HashiCorp’s Vault is a popular tool for managing secrets securely. Before looking at Vault, we first need to understand what secrets are and why they must be stored securely. A secret is anything used for authorization or authentication: for example, usernames, passwords, DB credentials, API keys, etc. The problem with secrets is managing them securely.

Let us look at the problem in more depth.

Consider an e-commerce application that needs to interact with a database. It obviously requires DB credentials to do so. The simplest way to provide these credentials to the application is to store them in a configuration file and load them at startup. The problem is that this sensitive information is stored in plain text as part of our code, and anyone with access to the code can see and use it. A better approach is to store this information in encrypted form. But we still need a decryption key to decrypt and use it, so the problem remains the same: where should we store this decryption key?

There is also the “secret sprawl” problem: secrets end up stored in multiple places, such as our source code, properties files and the version control system. Hard-coded secrets are also difficult to rotate. If secrets are present in the VCS, anyone with access can see them, and we cannot know who has used them or whether they have been used at all. This is where Vault comes to the rescue: it deals with all these problems and manages secrets efficiently and securely.

Key features of Vault:

  1. Centralization:
    Vault solves the secret sprawl problem by centralizing secrets, i.e. all secrets are now stored inside Vault instead of in the source code, properties files or version control system. It also protects them by storing them in encrypted form and by encrypting them in transit between Vault and the application. Whenever we store a new secret in Vault, it first encrypts it, stores it and then generates the master key for the decryption key. This master key is not stored anywhere in Vault and is returned to the user in parts. You need to provide a threshold number of these parts to Vault in order to unseal it; if you fail to do so, your secrets are lost forever. In this way, even Vault itself can’t access your secrets.
  2. Audit Control:
    Vault keeps your secrets safe, but your application might not. Every application logs the details of whatever happens to its log files, and in the process it might also log secrets, leaving them exposed. Anyone with access to these log files may misuse the secrets. Vault provides audit control for this purpose: it audits every use of a secret by each application and uniquely identifies which application used which secret and when. So if a secret is compromised, instead of bringing down all the applications, you can identify the point of compromise and shut down only that application.
  3. Dynamic Secrets:
    Vault provides dynamic secrets. Instead of long-lived secrets, it gives applications short-lived credentials that are created dynamically. In case of a compromise, this reduces the duration of vulnerability. Each credential is unique to a service, so we can tell which service compromised the credentials.
  4. Encryption as a Service:
    It is very difficult for applications to implement cryptographic algorithms correctly. Hence, Vault provides encryption of the applications’ ordinary data, so applications can focus on the business logic of the service.
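
The Audit Control and Dynamic Secrets points work together: a short-lived credential issued to one service can be traced back to that service and cut off without touching the others. The following is an added example, not code from the original article or from Vault; the `Broker` class, its methods and the service names are hypothetical.

```python
import hashlib
import secrets


def fingerprint(token: str) -> str:
    # Audit entries carry a hash of the credential, never the credential itself.
    return hashlib.sha256(token.encode()).hexdigest()[:16]


class Broker:
    """Hypothetical in-memory issuer of short-lived, per-service credentials."""

    def __init__(self, ttl: int = 300):
        self.ttl = ttl
        self.leases = {}  # fingerprint -> (service, expires_at)
        self.audit = []   # (time, service, event, fingerprint)

    def issue(self, service: str, now: int) -> str:
        token = secrets.token_hex(16)  # fresh value per request, never shared
        self.leases[fingerprint(token)] = (service, now + self.ttl)
        self.audit.append((now, service, "issue", fingerprint(token)))
        return token

    def use(self, token: str, now: int) -> bool:
        fp = fingerprint(token)
        service, expires_at = self.leases.get(fp, ("unknown", 0))
        ok = now < expires_at  # expired or revoked leases are refused
        self.audit.append((now, service, "use" if ok else "deny", fp))
        return ok

    def trace(self, token: str) -> str:
        """Name the service a leaked credential was issued to, from the audit trail."""
        fp = fingerprint(token)
        return next((s for _, s, e, f in self.audit if e == "issue" and f == fp), "unknown")

    def revoke_service(self, service: str) -> None:
        """Cut off one service's leases and leave every other service running."""
        self.leases = {fp: lease for fp, lease in self.leases.items() if lease[0] != service}


def demo() -> tuple[str, bool, bool, bool]:
    broker = Broker(ttl=300)
    checkout = broker.issue("checkout", now=0)    # constructed service names
    inventory = broker.issue("inventory", now=0)
    leaked_from = broker.trace(checkout)          # suppose this credential leaked
    broker.revoke_service(leaked_from)
    return (leaked_from, broker.use(checkout, now=10),
            broker.use(inventory, now=10), broker.use(inventory, now=301))
```
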