Vault

Description

Vault is intended to be the single repository for your secrets, whether they are passwords, tokens, certificates, public/private keys, etc.

It's where your applications and services will turn to consume the secrets they need. Say goodbye to plaintext passwords in your configuration files, scripts or source code and secure your CI/CD pipeline!

Vault provides strong secret encryption together with authentication and authorization management; the authenticated entity can be a human user or a machine.

  • Secret Management

    • Centralization of secrets in a secure and highly available space

    • Reduce risk and comply with security standards and best practices: passwords are no longer stored or displayed in the clear

    • Dynamic secrets: create, renew and revoke secrets on the fly automatically

  • Encryption as a Service

    • Encrypt your data on the fly without worrying about managing encryption keys

    • Easy encryption key update and rotation

  • "API First": everything can be controlled by API, in addition to the Web interface

  • Granular management of profiles and access rights

  • Complete traceability of administration actions and access to secrets

Why Vault?

Vault aims to resolve the following issues:

  • Sharing of sensitive information in a secure manner

  • Access control with the possibility of revoking access

  • Granularity via policies that allow sharing only certain data

Vault is made up of four main services:

  • The Storage Service (Consul, for example) is where Vault's persistent and encrypted data will be stored

  • The Secret service allows you to store static secrets and generate dynamic secrets (for AWS, Azure or GCP for example)

  • The Audit service allows you to log each request in order to track all interactions with Vault.

  • The Auth backend service manages several authentication methods allowing Vault to be adaptable to any type of use. For example, we can use the AppRole method to authenticate applications but also GitHub for a group of developers.

Platform as a Service

Vault is deployed on-premise in cegedim.cloud datacenters.

The same level of service is guaranteed as for the Compute offer: instance deployment, operational maintenance, flexibility, security and monitoring are all provided by our experts.

The topology available is the ready cluster topology, with 3 nodes distributed over all the availability zones of a target zone. The current version supported is 1.8.1.

cegedim.cloud deploys Vault with auto-unseal to reduce the operational complexity of keeping the unseal key secure. The encrypted root key is stored in a Transit Secrets Engine inside another Vault cluster managed exclusively by cegedim.cloud.
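As an added illustration of how Transit auto-unseal is wired in Vault 1.8 (this is example configuration, not cegedim.cloud's own; the address, token, key name and policy name are placeholders), the unseal-side cluster exposes a single Transit key under a policy limited to encrypt and decrypt, and the application cluster references that key from its `seal "transit"` stanza:

```hcl
# --- On the unseal cluster (managed separately): policy "autounseal" ---
# Only encrypt/decrypt on one named key; no read, export or key management,
# so a leaked token cannot recover the Transit key itself.
path "transit/encrypt/autounseal" {
  capabilities = ["update"]
}
path "transit/decrypt/autounseal" {
  capabilities = ["update"]
}

# --- On the application cluster: seal stanza in vault.hcl ---
# Vault encrypts its root key with this Transit key at init and calls
# transit/decrypt on every start, so no human ever handles unseal key shares.
seal "transit" {
  address         = "https://unseal-vault.example.internal:8200"  # placeholder
  token           = "s.PLACEHOLDER_TOKEN"  # token bound to the policy above
  key_name        = "autounseal"
  mount_path      = "transit/"
  disable_renewal = "false"   # keep renewing the token lease
  tls_skip_verify = "false"   # always verify the unseal cluster's certificate
}
```

The token can also be supplied through the `VAULT_TOKEN` environment variable instead of the stanza, which keeps it out of the configuration file.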

Billing

Vault is billed monthly per cluster, regardless of the number of users and the number of secrets stored.

To find out the exact cost of a Vault cluster, please contact your Service Delivery Manager.
