Vault
Definition
Vault (HashiCorp Vault) is a tool for storing and managing secrets such as passwords, API tokens, database credentials and encryption keys. It centralizes secret management and offers dynamic secrets (short-lived credentials generated on demand and revoked when their lease expires), encryption as a service, and policy-based access control. A client authenticates through an auth method and receives a token bound to one or more policies, so every request is both authenticated and authorized against fine-grained path rules; combined with audit logging of every request, this reduces the risk of unauthorized access and makes any access that does occur attributable.
Secure Settings Example
# Vault policy (policy HCL, loaded with `vault policy write myapp-ro myapp-ro.hcl`)
# granting read-only access to one application's KV v2 secrets
path "secret/data/myapp/*" {
  capabilities = ["read"]
}

# Enabling audit logging to monitor access. Audit devices are not part of
# the server configuration file; they are enabled on a running, unsealed
# Vault with the CLI (or the /sys/audit API) and log every request:
vault audit enable file file_path=/var/log/vault_audit.log

# Enforcing TLS for client communication (server configuration HCL).
# 0.0.0.0 binds every interface; bind to a specific address where possible.
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_disable   = "false"
  tls_cert_file = "/etc/vault/tls/vault-cert.pem"
  tls_key_file  = "/etc/vault/tls/vault-key.pem"
}
Insecure Settings Example
# Vault policy granting overly permissive access: every write capability,
# including delete, on the whole of the application's secret tree
path "secret/data/myapp/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

# Audit log sent nowhere: the device exists, so `vault audit list` looks
# healthy, but no record of who read or changed which secret is kept
# (Vault's special "discard" file_path value has the same effect)
vault audit enable file file_path=/dev/null

# Disabling TLS, exposing tokens and secrets in transit to interception
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"
}
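The following is an added example, not part of the original page and not HashiCorp code: a small offline lint that checks Vault server configuration and policy HCL for the two weak settings shown above (a plaintext listener and a policy that pairs a wildcard path with write or sudo capabilities). It uses only sed, grep and awk, contacts no Vault server, and writes its own constructed sample files mirroring the secure and insecure settings; the function names and the "wildcard plus write capability" rule are the example's own conventions, not anything Vault defines.

```shell
#!/bin/sh
# Added example (not from the original page or from HashiCorp): lint Vault
# HCL for a disabled-TLS listener and for overly broad policy stanzas.
# All files below are constructed here; nothing talks to a real Vault.

set -u

WORK="$(mktemp -d)"
SECURE_POLICY="$WORK/readonly.hcl"
INSECURE_POLICY="$WORK/fullaccess.hcl"
SECURE_CFG="$WORK/tls.hcl"
INSECURE_CFG="$WORK/notls.hcl"

cat > "$SECURE_POLICY" <<'EOF'
# read-only access to one application's KV v2 secrets
path "secret/data/myapp/*" {
  capabilities = ["read"]
}
EOF

cat > "$INSECURE_POLICY" <<'EOF'
path "secret/data/myapp/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
EOF

cat > "$SECURE_CFG" <<'EOF'
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_disable   = "false"
  tls_cert_file = "/etc/vault/tls/vault-cert.pem"
  tls_key_file  = "/etc/vault/tls/vault-key.pem"
}
EOF

cat > "$INSECURE_CFG" <<'EOF'
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"   # plaintext listener
}
EOF

# check_listener_tls FILE: returns 0 if no listener turns TLS off,
# 1 if any line sets tls_disable to true or 1. Comments, quotes and
# whitespace are stripped first, so tls_disable = "true",
# tls_disable = true and tls_disable=1 are all caught.
check_listener_tls() {
    if sed 's/#.*//' "$1" | tr -d ' \t"' | grep -Eq '^tls_disable=(true|1)$'; then
        return 1
    fi
    return 0
}

# check_policy_caps FILE: prints "<path> <caps>" for every stanza that
# grants sudo, or that combines a wildcard path (* or +) with a write
# capability (create/update/patch/delete); returns 1 if any were found,
# 0 if the policy is read/list only.
check_policy_caps() {
    awk '
        # remember the path of the stanza we are in (quotes stripped)
        /^[[:space:]]*path[[:space:]]+"/ { p = $2; gsub(/"/, "", p) }
        # capabilities = ["a", "b"]  ->  a,b
        /capabilities/ {
            c = $0; sub(/.*\[/, "", c); sub(/\].*/, "", c); gsub(/[" \t]/, "", c)
            wild  = (p ~ /\*$/ || p ~ /\+/)
            write = (c ~ /(^|,)(create|update|patch|delete)(,|$)/)
            sudo  = (c ~ /(^|,)sudo(,|$)/)
            if (sudo || (wild && write)) { print p, c; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

for f in "$SECURE_CFG" "$INSECURE_CFG"; do
    if check_listener_tls "$f"; then echo "OK   $f: TLS enforced"; else echo "FAIL $f: tls_disable set"; fi
done
for f in "$SECURE_POLICY" "$INSECURE_POLICY"; do
    if check_policy_caps "$f" >/dev/null; then echo "OK   $f: read-only"; else echo "FAIL $f: broad write access"; fi
done
```

Run it before `vault policy write` or a server restart; the insecure policy is reported as `secret/data/myapp/* create,read,update,delete,list` and the plaintext listener as a failure, while the secure pair passes. The rule deliberately treats "read" plus "list" on a wildcard as acceptable, which matches the page's secure policy; tighten it if your environment requires per-path grants.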