Runtime Protection for Vault & Consul

preview_player
Показать описание

HUG community member Yan Michalevsky, co-founder and CTO of Anjuna, gave this talk on securing application perimeters by putting the application into a Secure Enclave and using HashiCorp Vault.

This session explores a runtime security solution based on Secure Enclaves, such as Intel Software Guard Extensions (SGX). While there is tremendous promise in Intel SGX, adoption so far has been limited to very specific products where development teams were able to put in significant engineering effort to secure small (and sensitive) parts of their applications. Moreover, the lack of straightforward interoperability with modern high-level languages like Go further limits the usability of Secure Enclaves.

In this talk, Yan demonstrates a way to secure HashiCorp Vault from attackers that have complete control of the host server, by loading the application into a Secure Enclave. The user experience remains unhindered since all APIs and interaction with the Vault server remain as they were. Lastly, the talk will explain how to establish trust between the protected Vault instance and remote Vault clients using an attestation mechanism that is elegantly integrated into HTTPS.

This talk was part of the first HashiTalks online event—A 24-hour continuous series of presentations from the worldwide HashiCorp User Group (HUG) community and from HashiCorp engineers as well. The event took place from February 21-22, 2019.

HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, Nomad, Boundary, and Waypoint are downloaded tens of millions of times each year and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality.

Twitter: @hashicorp
  1. HashiCorp
  2. HashiCorp
  3. HashiCorp Consul
  4. HashiCorp Vault
  5. Vault
  6. Consul
Рекомендации по теме
Runtime Protection for 0:32:54

Runtime Protection for Vault & Consul

HashiCorp Vault and 0:58:05

HashiCorp Vault and Venafi: Speed and Security for Cloud Operating Model Success

What are hardware 0:06:40

What are hardware security modules (HSM), why we need them and how they work.

Secret Management with 0:15:14

Secret Management with Ansible Vault and docker-compose

AWS re:Inforce 2023 0:12:29

AWS re:Inforce 2023 - Centralize and manage secrets with HashiCorp Cloud (PRT206-S)

GuardDuty: EKS Runtime 0:56:56

GuardDuty: EKS Runtime Protection

Kubernetes Security (Part 0:24:06

Kubernetes Security (Part 3): Runtime Protection with Spyderbat

Kubernetes Security Best 0:29:41

Kubernetes Security Best Practices you need to know | THE Guide for securing your K8s cluster!

Vault 1.10 Overview 0:53:45

Vault 1.10 Overview

Operationalizing HashiCorp Vault 0:29:36

Operationalizing HashiCorp Vault

Knox Vault: Bringing 0:02:17

Knox Vault: Bringing Next-Level Security to Galaxy Devices | Samsung

'A better story 0:37:14

'A better story for Kubernetes secrets' by Seth Vargo

Securing Kubernetes Secrets 0:42:27

Securing Kubernetes Secrets (Cloud Next '19)

HashiCorp Vault Monitoring 0:32:10

HashiCorp Vault Monitoring Tutorial with Prometheus, Grafana, and Loki

Runtime Protection (RASP) 0:03:02

Runtime Protection (RASP) | Imperva

Dynamic Secrets Retrieval 0:56:23

Dynamic Secrets Retrieval in Azure App Service with HashiCorp Vault

Knox Vault: Bringing 0:02:17

Knox Vault: Bringing Next-Level Security to Galaxy Devices

Zero Trust + 2:04:59

Zero Trust + Advanced Data Protection

Vault as a 0:27:23

Vault as a Security Platform - Future Direction

Vault 1.11 Overview 0:58:18

Vault 1.11 Overview

Runtime Policies - 0:58:19

Runtime Policies - Feat. KubeArmor and Falco (You Choose!, Ch. 3, Ep. 2)

What’s New in 0:47:12

What’s New in the Last 3 Months - Microsoft Defender for Cloud

How HashiCorp Vault 0:44:25

How HashiCorp Vault Solves The Top 3 Cloud Security Challenges

Zero Trust and 0:23:19

Zero Trust and Runtime Security for Edge - Rick Moy, Accuknox