Thursday, June 15 • 4:50pm - 5:20pm
Enhancing Cloud Foundry Application Security with Vault - Seth Vargo, HashiCorp

Vault is a popular open source tool for managing application secrets at scale, and it uses an innovative approach to secret acquisition and managing the lifecycle of credentials over time. This approach is not without tradeoffs, since it often goes against common architectures, and Cloud Foundry is no exception.

Unlike traditional secret acquisition, which is just a single request, Vault requires regular updates from the application. This is akin to a DHCP lease or a TTL. If an application dies or is restarted, it requests new credentials, and it renews those credentials over time. Unused credentials are automatically revoked, reducing secret sprawl and decreasing the attack surface. Additionally, each instance of an application receives a different credential; if an attacker is able to compromise one application, it's easy to revoke a single credential without causing application downtime.

Seth will discuss the architecture of the Cloud Foundry Vault integration and explore the technical challenges that both Vault's own architecture and Cloud Foundry's design decisions posed in implementing the Cloud Foundry Vault broker, which controls the distribution of secrets to applications running under Cloud Foundry.

Seth Vargo

Director of Technical Advocacy, HashiCorp
Seth Vargo is the Director of Technical Advocacy at HashiCorp. Previously, Seth worked at Chef (Opscode), CustomInk, and a few Pittsburgh-based startups. He is the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on...

Thursday June 15, 2017 4:50pm - 5:20pm PDT
Grand Ballroom CD