88be341d21
* website: upgrade global-styles packages * website: remove deprecated --site-max-width on community page * website: replace code-block showWindowBar with showChrome * website: replace old g-container with g-grid-container * website: backfill missing type styles * website: revert change to heading semantics * website: fix mismatched border colour * website: fix spacing issue * website: revert accidental replacement * website: clarify debt intention with comment * website: fix missing search styles, remove cruft * website: hide alert-banner on mobile * website: bump to latest patched dependencies
110 lines
4.8 KiB
JSON
110 lines
4.8 KiB
JSON
{
|
|
"beforeAfterDiagram": {
|
|
"beforeImage": {
|
|
"url": "/img/use-cases/secrets-management/secrets-mgmt-challenge.png",
|
|
"alt": "Graphic — keys connecting with providers",
|
|
"format": "svg"
|
|
},
|
|
"beforeHeadline": "The Challenge",
|
|
"beforeContent": "Secrets for applications and systems need to be centralized and static IP-based solutions don't scale in dynamic environments with frequently changing applications and machines",
|
|
"afterImage": {
|
|
"url": "/img/use-cases/secrets-management/secrets-mgmt-solution.png",
|
|
"alt": "Graphic — keys connecting with providers through vault",
|
|
"format": "png"
|
|
},
|
|
"afterHeadline": "The Solution",
|
|
"afterContent": "Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity"
|
|
},
|
|
"features": [
|
|
{
|
|
"textSplit": {
|
|
"heading": "Dynamic Secrets",
|
|
"content": "Dynamically create, revoke, and rotate secrets programmatically."
|
|
},
|
|
"image": {
|
|
"url": "/img/use-cases/secrets-management/dynamic_secrets@3x.png",
|
|
"alt": "Vault UI with AWS config"
|
|
}
|
|
},
|
|
{
|
|
"textSplit": {
|
|
"heading": "Secret Storage",
|
|
"content": "Encrypt data while at rest, in the storage backend of your choice.",
|
|
"textSide": "right"
|
|
},
|
|
"codeBlock": {
|
|
"options": { "showChrome": true },
|
|
"language": "shell-session",
|
|
"code": "$ cat vault.config\nstorage \"consul\" {\n address = \"127.0.0.1:8500\"\n path = \"vault\"\n}\nlistener \"tcp\" {\n address = \"127.0.0.1:8200\"\n}\ntelemetry {\n statsite_address = \"127.0.0.1:8125\"\n disable_hostname = true\n}\n"
|
|
}
|
|
},
|
|
{
|
|
"textSplit": {
|
|
"heading": "Identity Plugins",
|
|
"content": "Improve the extensibility of Vault with pluggable identity backends."
|
|
},
|
|
"logoGrid": [
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1506540090-color.svg",
|
|
"alt": "MySQL logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1506540114-color.svg",
|
|
"alt": "Cassandra logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1566919186-oracle.svg",
|
|
"alt": "Oracle logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1619808181-conusul-attributedcolor.svg",
|
|
"alt": "Consul logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1566919170-aws.svg",
|
|
"alt": "AWS logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1506540175-color.svg",
|
|
"alt": "MongoDB logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1539818112-postgresql.svg",
|
|
"alt": "PostgreSql logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1539817686-microsoft-sql-server.svg",
|
|
"alt": "Microsoft SQL logo"
|
|
},
|
|
{
|
|
"url": "https://www.datocms-assets.com/2885/1608143270-ellipsis.png",
|
|
"alt": "ellipsis icon logo"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"textSplit": {
|
|
"heading": "Detailed Audit Logs",
|
|
"content": "Detailed audit log of all client interaction (authentication, token creation, secret access & revocation).",
|
|
"textSide": "right"
|
|
},
|
|
"codeBlock": {
|
|
"options": { "showChrome": true },
|
|
"language": "shell-session",
|
|
"code": "$ cat audit.log | jq {\n \"time\": \"2018-08-27T13:17:11.609621226Z\",\n \"type\": \"response\",\n \"auth\": {\n \"client_token\": \"hmac-sha256:5c40f1e051ea75b83230a5bf16574090f697dfa22a78e437f12c1c9d226f45a5\",\n \"accessor\": \"hmac-sha256:f254a2d442f172f0b761c9fd028f599ad91861ed16ac3a1e8d96771fd920e862\",\n \"display_name\": \"token\",\n \"metadata\": null,\n \"entity_id\": \"\"\n }\n}\n"
|
|
}
|
|
},
|
|
{
|
|
"textSplit": {
|
|
"heading": "Leasing & Revoking Secrets",
|
|
"content": "Manage authorization and create time-based tokens for automatic revocation or manual revocation."
|
|
},
|
|
"codeBlock": {
|
|
"options": { "showChrome": true },
|
|
"language": "shell-session",
|
|
"code": "$ vault read database/creds/readonly\nKey Value\n--- -----\nlease_id database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\nlease_duration 1h0m0s\nlease_renewable true\npassword A1a-w2xv2zsq4r5ru940\nusername v-token-readonly-48rt0t36sxp4wy81x8x1-1515627434\n[...]\n$ vault renew database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\nKey Value\n--- -----\nlease_id database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\nlease_duration 1h0m0s\nlease_renewable true\n$ vault lease revoke database/creds/readonly/3e8174da-6ca0-143b-aa8c-4c238aa02809\n"
|
|
}
|
|
}
|
|
]
|
|
}
|