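Content provided by Tharun Shiv. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Tharun Shiv or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ko.player.fm/legal.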

Hashicorp Vault | Dev and Prod server setup | Unseal | Policies | TLS setup | Developer Tharun

11:53
 

Hey there! Follow the podcast if you like the episode

This is Tharun. In the Developer Tharun Podcast, I speak about Software Engineering

Thank you for Listening

In this Episode

  1. Vault server setup flow
  2. What is seal/unseal of Vault server?
  3. Policies
  4. Difference between server in Dev mode & Prod mode

And more...

Vault stores its data in encrypted form. The encryption key used to encrypt and decrypt that data is stored along with the rest of the data, in the keyring. When a Vault server starts, it knows where the data resides from the configuration we provide, but it does not know how to decrypt the encryption key that sits in the keyring alongside the encrypted data.

This is where the master key comes in: it is used to decrypt the encryption key, and it is also stored alongside all the other Vault data. The master key is itself encrypted, so we need a special key that can decrypt it. This key is known as the unseal key.

The unseal key is generated during the init process using an algorithm known as 'Shamir's secret sharing', which splits the unseal key into a certain number of unseal keys, 'X'. Every time we want to unseal the Vault server we need a certain number of those unseal keys, 'Y'. The Vault architect decides the 'X' and 'Y' values when initializing the Vault server.

The main intention of creating several unseal keys is to distribute them among several stakeholders, so that a minimum number of stakeholders is needed to unseal the server or perform major operations on it.

What are policies?

Policies let you create rules that define access to various secrets. We can create policies that allow specific levels of access, such as create, update, read, delete and so on. We then assign a policy to a particular authentication mechanism of a user. That user has only the access granted by the policies attached to their credentials. This way, Vault makes sure that we provide only the minimal, necessary access to Vault stakeholders.
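The least-privilege effect of attaching policies can be sketched with a small default-deny evaluator. This is an added example and a simplified model, not Vault's policy engine; the policy names, secret paths and the precedence rules used here (most specific path wins, `deny` overrides) are assumptions of the sketch.

```python
# Constructed policies for illustration; names and paths are hypothetical.
POLICIES = {
    "app-read": {"secret/data/app/*": {"read"}},
    "app-admin": {
        "secret/data/app/*": {"create", "update"},
        "secret/data/app/prod-db": {"deny"},
    },
}

def matches(pattern, path):
    """A trailing '*' matches any suffix; otherwise the path must be equal."""
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return pattern == path

def allowed(attached, path, capability):
    """Default deny: allow only if the most specific matching rule grants it."""
    rules = [(pat, caps)
             for name in attached
             for pat, caps in POLICIES[name].items()
             if matches(pat, path)]
    if not rules:
        return False  # no policy mentions this path at all
    # An exact path beats a glob; among globs the longer prefix wins.
    best = max(rules, key=lambda r: (not r[0].endswith("*"), len(r[0])))[0]
    # Capabilities for the same pattern are merged across attached policies.
    caps = set().union(*(c for p, c in rules if p == best))
    return "deny" not in caps and capability in caps
```

A token holding only `app-read` can read under `secret/data/app/` and nothing else; adding `app-admin` grants create and update there but still blocks every operation on `secret/data/app/prod-db`.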

Thank you for listening to my Podcast. Follow my podcast if you find it helpful. Check out my other episodes. I talk about programming & software engineering.

YouTube: https://youtube.com/c/developerTharun


Blog Article on: https://tharunshiv.com


Instagram: @developerTharun


Dev.to: https://dev.to/developertharun


Udemy: https://www.udemy.com/user/tharun-shiv/


LinkedIn: https://linkedin.com/in/tharunshiv

