Data Persistence on Elixir Data Platform using Apache Ignite
Hadoop for warehousing
The growing popularity of microservices, infrastructure automation, and dynamic cloud environments has increased the number of secrets required to connect services and infrastructure. This secret sprawl expands the surface area for an attack, both in terms of potential infiltration points and internal damage in the event of a compromise. Vault uses time-bound, limited-permissioned, dynamic secrets to reduce the potential impact of a secret compromise.
The volume of secrets in a modern infrastructure makes it difficult for security teams to organize, distribute, and secure secrets. Vault gives security operations certainty in when, where, and how secrets are being used across a system with a detailed audit log. Services that require access to secrets are given tokens with strict access control policies to limit which secrets can be accessed and how. For example, a frontend application may be able to get API credentials, but not database usernames and passwords.
Secret leasing, revocation, and rolling
Services are never given root secrets. Instead, Vault generates a unique secret that has a limited lease. If a secret's lease expires, the secret becomes unusable. Services must re-authenticate with Vault before the lease expires to get a new secret or extend the existing one. Vault stores a tamper-proof and detailed audit log of every interaction - authentication, secret access, secret revocation, and more. Paired with Vault's strict leases, the audit log lets operators trace back the origin of a secret to identify a potential compromise.