2020-01-18 00:18:09 +00:00
import SectionHeader from '@hashicorp/react-section-header'
import Button from '@hashicorp/react-button'
import TextAndContent from '@hashicorp/react-text-and-content'
import BeforeAfterDiagram from '../../../components/before-after-diagram'
import UseCaseCtaSection from '../../../components/use-case-cta-section'
export default function DataEncryptionUseCase ( ) {
return (
< div id = "use-cases" className = "g-section-block page-wrap" >
{ /* Header / Buttons */ }
< section className = "g-container" >
< SectionHeader
headline = "Leverage Trusted Identities in Low Trust Networks"
description = "Authenticate and access different clouds, systems, and endpoints using trusted identities"
useH1 = { true }
/ >
< div className = "button-container" >
2020-01-22 20:05:41 +00:00
< Button title = "Download" url = "/downloads" / >
2020-01-18 00:18:09 +00:00
< Button title = "Get Started" url = "/intro" theme = "dark-outline" / >
< / div >
< / section >
{ /* Before/After Diagram */ }
< section >
< div className = "g-container" >
< BeforeAfterDiagram
beforeImage = { {
url : require ( './img/challenge.png' ) ,
2020-05-21 17:18:17 +00:00
format : 'png' ,
2020-01-18 00:18:09 +00:00
} }
beforeHeadline = "The Challenge"
beforeContent = "With the proliferation of different clouds, services, and systems all with their own identity providers, organizations need a way to manage identity sprawl"
afterImage = { {
url : require ( './img/solution.png' ) ,
2020-05-21 17:18:17 +00:00
format : 'png' ,
2020-01-18 00:18:09 +00:00
} }
afterHeadline = "The Solution"
afterContent = "Vault merges identities across providers and uses a unified ACL system to broker access to systems and secrets"
/ >
< / div >
< / section >
{ /* Features / Text and content */ }
< section className = "g-container" >
< SectionHeader headline = "Identity-based Access Features" / >
< div className = "g-text-and-content" >
< div className = "text" >
< div >
< h3 id = "secure-plugins" > Identity Plugins < / h3 >
< p >
Improve the extensibility of Vault with pluggable identity
backends
< / p >
< / div >
< / div >
< div className = "content logo-grid" >
< ul className = "g-logo-grid large" >
{ [
'aws' ,
'azure' ,
'gcp' ,
'kubernetes' ,
'nomad' ,
'okta' ,
'pivotalcf' ,
2020-05-21 17:18:17 +00:00
'ssh' ,
] . map ( ( logo ) => (
2020-01-18 00:18:09 +00:00
< li key = { logo } >
< img
src = { require ( ` ./img/logos/ ${ logo } .png ` ) }
alt = "company logo"
/ >
< / li >
) ) }
< / ul >
< / div >
< / div >
< TextAndContent
data = { {
reverseDirection : true ,
text : ` ### Entities
Integrated identities across platforms and using this information for policy and access control decisions . ` ,
content : {
_ _typename : 'SbcImageRecord' ,
image : {
url : require ( './img/screenshot-entities.png' ) ,
2020-05-21 17:18:17 +00:00
format : 'png' ,
} ,
} ,
2020-01-18 00:18:09 +00:00
} }
/ >
< TextAndContent
data = { {
text : ` ### Control Groups
Require multiple Identity Entities or members of Identity Groups to authorize an requested action . ` ,
content : {
_ _typename : 'SbcImageRecord' ,
image : {
url : require ( './img/screenshot-control-groups.png' ) ,
2020-05-21 17:18:17 +00:00
format : 'png' ,
} ,
} ,
2020-01-18 00:18:09 +00:00
} }
/ >
< TextAndContent
data = { {
text : ` ### ACL Templates and Policy Control
Create and manage policies that authorize access control throughout your infrastructure and organization ` ,
content : {
_ _typename : 'SbcCodeBlockRecord' ,
chrome : true ,
code : ` # User template (user-tmpl.hcl)
# Grant permissions on user specific path
path "user-kv/data/{{identity.entity.name}}/*" {
capabilities = [ "create" , "update" , "read" , "delete" , "list" ]
}
# For Web UI usage
path "user-kv/metadata" {
capabilities = [ "list" ]
}
# Group template ( group - tmpl . hcl )
# Grant permissions on the group specific path
# The region is specified in the group metadata
path "group-kv/data/education/{{identity.groups.names.education.metadata.region}}/*" {
capabilities = [ "create" , "update" , "read" , "delete" , "list" ]
}
# Group member can update the group information
path "identity/group/id/{{identity.groups.names.education.id}}" {
capabilities = [ "update" , "read" ]
}
# For Web UI usage
path "group-kv/metadata" {
capabilities = [ "list" ]
}
path "identity/group/id" {
capabilities = [ "list" ]
2020-05-21 17:18:17 +00:00
} ` ,
} ,
2020-01-18 00:18:09 +00:00
} }
/ >
< TextAndContent
data = { {
reverseDirection : true ,
text : ` ### Identity Groups
Group trusted identities into logical groups for group - based access control . ` ,
content : {
_ _typename : 'SbcImageRecord' ,
image : {
url : require ( './img/screenshot-identity-groups.png' ) ,
2020-05-21 17:18:17 +00:00
format : 'png' ,
} ,
} ,
2020-01-18 00:18:09 +00:00
} }
/ >
< TextAndContent
data = { {
text : ` ### Multi-factor Authentication
Enforce MFA workflows when accessing a secret or a secret path ` ,
content : {
_ _typename : 'SbcCodeBlockRecord' ,
chrome : true ,
code : ` $ curl \
-- header "X-Vault-Token: ..." \ \
-- header "X-Vault-MFA:my_totp:695452" \ \
2020-05-21 17:18:17 +00:00
http : //127.0.0.1:8200/v1/secret/foo`,
} ,
2020-01-18 00:18:09 +00:00
} }
/ >
< / section >
< UseCaseCtaSection / >
< / div >
)
}