Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Secure Day 2 operations with Boundary and Vault

Rosemary Wang
June 06, 2024
Technology
0
15

Secure Day 2 operations with Boundary and Vault

Originally presented at HashiDays: Munich.

Your application developers and platform engineers need to log into machines and services for Day 2 operations, like break glass fixes and manual application testing. In this session, Rosemary shows how systems of record in Terraform, Vault, and Boundary can help secure and facilitate access to machines and services.

Rosemary Wang

June 06, 2024
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Can You Test Your Infrastructure as Code?
joatmon08
1
51
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
21
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
26
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
31
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
40
Building a Developer Platform? Ask these questions.
joatmon08
0
27
From Cloud-Hosted to Cloud-Native
joatmon08
0
53
Refactoring Applications for Dynamic Secrets
joatmon08
1
37
Catching Commits to Secure Infrastructure as Code
joatmon08
1
51

Other Decks in Technology

See All in Technology
Engineer Career Talk
lycorp_recruit_jp
0
160
複雑なState管理からの脱却
sansantech
PRO
1
140
Taming you application's environments
salaboy
0
190
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
370
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.2k
Application Development WG Intro at AppDeveloperCon
salaboy
0
190
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
Platform Engineering for Software Developers and Architects
syntasso
1
520
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
380
強いチームと開発生産性
onk
PRO
34
11k

Featured

See All Featured
Being A Developer After 40
akosma
86
590k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Documentation Writing (for coders)
carmenintech
65
4.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Why Our Code Smells
bkeepers
PRO
334
57k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Building Adaptive Systems
keathley
38
2.3k
Art, The Web, and Tiny UX
lynnandtonic
297
20k

Transcript

  1. ©2024 HASHICORP 1 Infrastructure as code Production infrastructure

  2. ©2024 HASHICORP Platform teams AppDev teams Cloud services 2 Lifecycle

    management Day 0 & 1 - Automated Day 2 - Manual? As code? INFRASTRUCTURE & SECURITY

  3. ©2024 HASHICORP 3

  4. ©2024 HASHICORP Chief Developer Advocate HashiCorp she/her @joatmon08 Rosemary Wang

  5. ©2024 HASHICORP 5 Who is accessing the production system? Authentication

    Secure Day 2 operations What do they have access to? Authorization When and what changes were made to production? Audit

  6. ©2024 HASHICORP 6 “…an information storage and retrieval system that

    can serve as an authoritative source of truth.” business.adobe.com/blog/basics/systems-of-record

  7. ©2024 HASHICORP 7 Machines Endpoints Infrastructure Credentials Certificates Encryption Keys

    Secrets Users Identity Systems of record

  8. ©2024 HASHICORP 8 Infrastructure as code Production infrastructure Secrets Credentials

    to access services Infrastructure resources and policies User access to targets

  9. ©2024 HASHICORP 9 Infrastructure as code Production infrastructure Secrets Store

    SSH key pair in KV secrets engine Create SSH key pair & VM Identify platform engineers who can access VMs

  10. ©2024 HASHICORP 10 github.com/joatmon08/ hashicorp-stack-demoapp

  11. ©2024 HASHICORP 11

  12. ©2024 HASHICORP 12 Infrastructure as code Production infrastructure Secrets Store

    SSH key pair in KV secrets engine Create SSH key pair & VM Identify platform engineers who can access VMs Use session recording to reconcile automation

  13. ©2024 HASHICORP 13

  14. ©2024 HASHICORP 14 Infrastructure as code Production infrastructure Secrets Generate

    dynamic database username and password Create database & configure secrets engine Identify admins or developers who can access database

  15. ©2024 HASHICORP 15 github.com/joatmon08/ terraform-aws-postgres

  16. ©2024 HASHICORP 16

  17. ©2024 HASHICORP 17

  18. ©2024 HASHICORP 18 Who is accessing the production system? Authentication

    Secure Day 2 operations What do they have access to? Authorization When and what changes were made to production? Audit

  19. ©2024 HASHICORP 19 Integrate and use data to authorize and

    audit Establish systems of record Summary Configure just-in-time access to production as needed Generate just-in-time production access Assess recurring Day 2 operations that can be automated Reconcile automation

  20. ©2024 HASHICORP Rosemary Wang @joatmon08 joatmon08.com Thank you!