Far Oeuf: Automated Management of Shared Secrets with Ansible

 

The chicken-and-egg-ness of storing shared-secrets securely is particularly problematic in corporate environments.  Combining Ansible and HashiCorp Vault I will show how to deploy tiered applications with auto-generated credentials, and store the secrets in Vault.  This makes automated rotation of application credentials practical, dropping credential-ttl to hours rather than weeks, months, or never.

In the second half of the talk I will walk through submitting a PR for the Ansible lookup plugin for HashiCorp Vault, adding ldap authentication functionality.  My motivation was lowering the barrier for DevOps engineers to use secure shared-secret storage. My message is that a few lines of code is often all it takes to scratch your particular itch. The ability to extend Ansible is an important skill for your DevOps team.

Presenter:

doug_bridgens

 

Doug Bridgens, DevOps Engineer, Far Oeuf

linkedin