KeyOps: Securing Fastly's Infrastructure with Vault

Automated infrastructure deployment is critical when the expansion of the server fleet needs to be accomplished efficiently, reliably, frequently, and at scale. Yet, when it comes to bootstrapping servers into the production fleet, the handling of shared secrets required a tradeoff between automation and security: hardcode secrets and downgrade security, or require human interaction and cause an automation bottleneck. At least, that used to be the case.

This talk will look at how we've been using Vault at Fastly to secure our infrastructure, services, and customer-facing applications, while reducing or eliminating manual steps. We'll cover the gamut of use, from bootstrapping new physical servers to providing limited access to database instances for emergency support. Vault has provided us with important mechanisms to improve our security and automation capabilities, and this talk will inspire you to seek similar opportunities in your own infrastructure.

Alexandru Totolici works as a Security Engineer at Fastly, where he most recently helped improve secrets management as part of his current focus on infrastructure security. When he’s not securing things (or reverse engineering them) you will most likely find him trying to climb or vault over obstacles, with varying degrees of success.