Ask Sendai

We are excited to announce the public availability of HashiCorp Vault 1.2. Vault is a tool to provide secrets management, data encryption, and identity management for any infrastructure and application. Vault 1.2 is focused on supporting new architectures for automated credential and cryptographic key management at a global, highly-distributed scale. This release introduces new mechanisms for users and applications to manage sensitive data such as cryptographic keys and database accounts, and exposes new interfaces that improve Vault’s ability to automate secrets management, encryption as a service, and privileged access management.

Kubernetes is the de facto standard for container orchestration and Vault by HashiCorp is the de facto standard for secrets management. Now the question is: how do you combine those technologies so that you can use secrets from your central Vault instance in your Kubernetes applications? One solution would be to use the AppRole auth method. Boostport provides a nice integration of AppRoles in Kubernetes. Another possibility is to use the Kubernetes auth method.

The release also includes additional new features, secure workflow enhancements, general improvements, and bug fixes. The Vault 1.1 changelog provides a full list of features, enhancements, and bug fixes. Vault agent now supports client-side caching of leased secrets. An agent may now cache a response to a token managed client-side via auto auth. This allows for applications to work completely with Vault agent to manage a token’s lifecycle, simplifying edge computing use cases or use cases where encoding logic for an application to manage token expiry with a Vault cluster may be complicated (e.

Learn from hands-on labs to build proficiency with Vault 1.0, auto-unseal, Kubernetes, and other secrets management features. Source: hashicorp.com

Today we are excited to announce the public availability of HashiCorp Vault 1.0. Vault is a tool to manage secrets and protect sensitive data for any infrastructure and application. Vault 1.0 is focused on renovating Vault’s infrastructure to support high performance, scalable workloads. The 1.0 release of Vault includes significant new functionality including: Batch Tokens: A new type of token optimized for high performance, ephemeral workloads. Open Source Cloud Auto Unseal: Cloud-based auto unseal is now open source.

In the following tutorial we’ll walk you through provisioning a highly-available Hashicorp Vault and Consul cluster on Kubernetes with TLS. This is an intermediate-level tutorial. It assumes that you have basic working knowledge of Vault, Consul, Docker, and Kubernetes. Minikube is a tool used to run a single-node Kubernetes cluster locally. It’s designed to get a cluster up and running quickly so you can start interacting with the Kubernetes API locally.