[X] Set up Vault
[X] Learn about the requests library
[X] Learn how to get a client token returned so the root token won't be used
[X] Create something that reads a secret out of Vault and returns it (Python)
[X] Make it accessible via a web interface
[ ] Refactor so it's not as gross
[ ] Add ability to write keysÂ
[ ] Add ability to grab any key you want
-
Install Vault
-
Start your vault server with something like
vault server -config=exvault.conf -
Visit http://localhost:8080/pyvault in your browser
-
Celebrate!
What is a secret: Things you don't want to be exposed, database credentials, SSL certificates, etc
What is secret management? Secret management centralizes sensitive information. There are many different services that provide this like Crypt, Conjur, and Configuration Storage Systems like Consul or etcd.
Why do we need this? In the past there was one hero who had access to all the passwords. This made it difficult for anyone else to get access to these applications. But managing passwords, making sure they're all a certain length containing certain special characters, and managing access is a hard challenge. Secret management makes it so you can restrict and grant access when you need to, as well as change passwords without having to tell the whole organization.