Building Hashicorp Vault in OCI - Part III

Saturday, Nov 17, 2018

@ Chris Suttles

This post is the last in a series on deploying the Hashicorp recommended architecture for a single DC deployment of Vault on Oracle Cloud Infrastructure (OCI). Here are some related links:

- https://github.com/csuttles/oci-vault/ (the code for all of this)
- http://blog.csuttles.io/getting-started-with-terraform-on-oracle-cloud-infrastructure-oci/ (intro)
- http://blog.csuttles.io/building-hashicorp-vault-in-oci-part-i/ (part i)
- http://blog.csuttles.io/building-hashicorp-vault-in-oci-part-ii/ (part ii)
- http://blog.csuttles.io/building-hashicorp-vault-in-oci-part-iii/ (this article)

Create Vault Nodes

In the previous articles in the series, we built out prerequisite resources, including compartments, a VCN, subnets, seclists, and finally Consul servers.

Building Hashicorp Vault in OCI - Part II

Thursday, Nov 8, 2018

@ Chris Suttles

This post is a continuation of a series. The first two posts are here and here. The source for this series is available on GitHub.

Building Consul in OCI

Now that we have defined the IAM and network resources that Vault depends on, it's time to start building Consul nodes, which we will use as the backend for Vault. In order to build Consul, and completely automate the bootstrap, we will take advantage of some OCI and Terraform features.

Building Hashicorp Vault in OCI - Part I

Monday, Oct 29, 2018

@ Chris Suttles

This post will continue a previous post on using Hashicorp's Terraform with OCI (Oracle Cloud Infrastructure).

Building the Network Resources

Let's walk through a single region where we will build out the network resources where our Vault installation will reside. Here are the variables where we define the storage backend and Terraform provider. It's the same basic setup as defined in my previous post.

    csuttles@cs-mbp15:[~/src/oci-vault/iad/network]:(master) [Exit: 0] 11:19: cat variables.tf
    variable "tenancy" {}
    variable "tenancy_ocid" {}
    variable "user_ocid" {}
    variable "fingerprint" {}
    variable "private_key_path" {}
    variable "region" {
      default = "us-ashburn-1"
    }
    variable "compartment_ocid" {}

    provider "oci" {
      tenancy_ocid = "${var.

Managing Dynamic Database Credentials With Hashicorp Vault and Chef

Monday, Jan 8, 2018

@ Chris Suttles

This post takes a look at using Hashicorp's Vault to manage dynamic database credentials, using Chef. For this post (and my previous post on Vault), I started working with Vault pretty quickly via this docker-compose setup I found via GitHub. It's a very quick way to get a Vault instance with a Consul backend. You'd never do this for production, since they are single instances, but for functional testing, it's enough.

Managing SSH Secrets with Vault

Wednesday, Jan 3, 2018

@ Chris Suttles

This post takes a look at using Hashicorp's Vault to manage secrets for SSH authentication. For this post, I started working with Vault pretty quickly via this docker-compose setup I found via GitHub. It's a very quick way to get a Vault instance with a Consul backend. You'd never do this for production, since they are single instances, but for functional testing, it's enough.

Requirements

What are we trying to accomplish?