{
"beforeAfterDiagram" : {
"beforeImage" : {
"url" : "/img/use-cases/secrets-management/secrets-mgmt-challenge.png" ,
"alt" : "Graphic — keys connecting with providers" ,
"format" : "svg"
} ,
"beforeHeadline" : "The Challenge" ,
"beforeContent" : "Secrets for applications and systems need to be centralized, and static IP-based solutions don't scale in dynamic environments with frequently changing applications and machines" ,
"afterImage" : {
"url" : "/img/use-cases/secrets-management/secrets-mgmt-solution.png" ,
"alt" : "Graphic — keys connecting with providers through vault" ,
"format" : "png"
} ,
"afterHeadline" : "The Solution" ,
"afterContent" : "Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity"
} ,
"features" : [
{
"textSplit" : {
"heading" : "Dynamic Secrets" ,
"content" : "Dynamically create, revoke, and rotate secrets programmatically."
} ,
"image" : {
"url" : "/img/use-cases/secrets-management/dynamic_secrets@3x.png" ,
"alt" : "Vault UI with AWS config"
}
} ,
{
"textSplit" : {
"heading" : "Secret Storage" ,
"content" : "Encrypt data while at rest, in the storage backend of your choice." ,
"textSide" : "right"
} ,
"codeBlock" : {
"options" : { "showChrome" : true } ,
"language" : "shell-session" ,
"code" : "$ cat vault.config\nstorage \"consul\" {\n address = \"127.0.0.1:8500\"\n path = \"vault\"\n}\nlistener \"tcp\" {\n address = \"127.0.0.1:8200\"\n}\ntelemetry {\n statsite_address = \"127.0.0.1:8125\"\n disable_hostname = true\n}\n"
}
} ,
{
"textSplit" : {
"heading" : "Identity Plugins" ,
"content" : "Improve the extensibility of Vault with pluggable identity backends."
} ,
"logoGrid" : [
{
"url" : "https://www.datocms-assets.com/2885/1506540090-color.svg" ,
"alt" : "MySQL logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1506540114-color.svg" ,
"alt" : "Cassandra logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1566919186-oracle.svg" ,
"alt" : "Oracle logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1619808181-conusul-attributedcolor.svg" ,
"alt" : "Consul logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1566919170-aws.svg" ,
"alt" : "AWS logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1506540175-color.svg" ,
"alt" : "MongoDB logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1539818112-postgresql.svg" ,
"alt" : "PostgreSQL logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1539817686-microsoft-sql-server.svg" ,
"alt" : "Microsoft SQL logo"
} ,
{
"url" : "https://www.datocms-assets.com/2885/1608143270-ellipsis.png" ,
"alt" : "ellipsis icon logo"
}
]
} ,
{
"textSplit" : {
"heading" : "Detailed Audit Logs" ,
"content" : "Detailed audit logs of all client interactions (authentication, token creation, secret access & revocation)." ,
"textSide" : "right"
} ,
"codeBlock" : {
"options" : { "showChrome" : true } ,
"language" : "shell-session" ,
"code" : "$ cat audit.log | jq {\n \"time\": \"2018-08-27T13:17:11.609621226Z\",\n \"type\": \"response\",\n \"auth\": {\n \"client_token\": \"hmac-sha256:5c40f1e051ea75b83230a5bf16574090f697dfa22a78e437f12c1c9d226f45a5\",\n \"accessor\": \"hmac-sha256:f254a2d442f172f0b761c9fd028f599ad91861ed16ac3a1e8d96771fd920e862\",\n \"display_name\": \"token\",\n \"metadata\": null,\n \"entity_id\": \"\"\n }\n}\n"
}
} ,
{
"textSplit" : {
"heading" : "Leasing & Revoking Secrets" ,
"content" : "Manage authorization and create time-based tokens for automatic revocation or manual revocation."
} ,
"codeBlock" : {
"options" : { "showChrome" : true } ,
"language" : "shell-session" ,
"code" : "$ vault read database/creds/readonly\nKey Value\n--- -----\nlease_id database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\nlease_duration 1h0m0s\nlease_renewable true\npassword A1a-w2xv2zsq4r5ru940\nusername v-token-readonly-48rt0t36sxp4wy81x8x1-1515627434\n[...]\n$ vault renew database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\nKey Value\n--- -----\nlease_id database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\nlease_duration 1h0m0s\nlease_renewable true\n$ vault lease revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\n"
}
}
]
}