HashiConf Global 2022 Cliffnotes
--
HashiConf Global, which took place on October 5th and 6th, showcased HashiCorp's many infrastructure products and their future roadmaps. The free virtual sessions can be found at https://live.hashiconf.com/on-demand
Zero Trust Security
Recently, businesses have been focusing on zero trust security for their networks to harden them against attackers who gain access through means such as phishing and social engineering. It’s not a big surprise that the theme of HashiConf was a heavy focus on zero trust architecture. Many of the talks included this slide on how HashiCorp's products provide value in zero trust architectures.
- Vault — Machine Authentication & Authorization
- Consul — Machine to Machine Access
- Boundary — Human to machine access
- SSO (Single Sign On) — Human authentication & authorization
HashiCorp currently doesn’t have a product that handles SSO, but many providers already offer this capability, and the various HashiCorp products integrate with them via Vault. As they put it, Vault is an identity broker.
Vault — Secret Management
Vault is a secrets management product that handles static and dynamic secrets, which can be credentials or keys. Vault (server) sits in the data center and has optional agents that are installed on host machines and communicate with the server. The agents can handle getting credentials from Vault, or credentials can be retrieved through API endpoints. Vault offers secure storage and ways to put secrets into and take secrets out of that storage.
New highlights: HashiCorp’s Vault as a service in the cloud. Dynamic secrets were limited to being used with Vault agents, but they’re now available via SDK and APIs. Certificate management, including PKI for rotating certificates, short-lived certificates, and voiding existing certificates.
Consul — Service Discovery and Service Mesh
Consul is a product that handles service discovery and service mesh. In a nutshell, that means Consul will keep track of services that come online and go offline and handle the routing to available services in a similar form of a…