Secure Day 2 operations with Boundary and Vault

Originally presented at HashiDays: Munich.

Your application developers and platform engineers need to log into machines and services for Day 2 operations, such as break-glass fixes and manual application testing. In this session, Rosemary shows how systems of record in Terraform, Vault, and Boundary can help secure and facilitate access to machines and services.

Rosemary Wang

June 06, 2024
Transcript

  1. ©2024 HASHICORP. Lifecycle management. Platform teams, AppDev teams, cloud services. Day 0 & 1 - Automated. Day 2 - Manual? As code? INFRASTRUCTURE & SECURITY.
  2. Secure Day 2 operations. Who is accessing the production system? Authentication. What do they have access to? Authorization. When and what changes were made to production? Audit.
  3. "…an information storage and retrieval system that can serve as an authoritative source of truth." (business.adobe.com/blog/basics/systems-of-record)
  4. Infrastructure as code: infrastructure resources and policies. Secrets: credentials to access services. Production infrastructure: user access to targets.
  5. Infrastructure as code: create SSH key pair & VM. Secrets: store SSH key pair in KV secrets engine. Production infrastructure: identify platform engineers who can access VMs.
  6. Infrastructure as code: create SSH key pair & VM. Secrets: store SSH key pair in KV secrets engine. Production infrastructure: identify platform engineers who can access VMs. Use session recording to reconcile automation.
  7. Infrastructure as code: create database & configure secrets engine. Secrets: generate dynamic database username and password. Production infrastructure: identify admins or developers who can access database.
  8. Secure Day 2 operations. Who is accessing the production system? Authentication. What do they have access to? Authorization. When and what changes were made to production? Audit.
  9. Summary. Establish systems of record. Integrate and use data to authorize and audit. Configure just-in-time access to production as needed. Generate just-in-time production access. Assess recurring Day 2 operations that can be automated. Reconcile automation.