SoftServe Uses HashiCorp Vault Tool to Keep Secrets Safe

Overview

You know that keeping secrets secret on your platform is crucial. Secret information can be anything that requires restricted access: customer data, pricing information, sales plans, passwords, the list goes on. But the most important thing about secrets is that they must be accessible to those who need to see them — and not to those who shouldn’t.

Secret handling is now required just about everywhere. That means sensitive information must be secure with granular access control and compliance with industry regulations to make your system less vulnerable and more stable in the face of potentially dangerous activities.

And that doesn’t just apply to fancy, new applications but also ubiquitous tools like a platform monitoring system. You can’t get away with using static passwords and keys anymore.

Migration from older, less capable software is always a major undertaking, and it’s essential to ensure that your platform’s security measures are up to date. You need a firm set of cybersecurity goals and tools at the center of your implementation plan.

Our client, a global provider of high-tech expertise and solutions to governments, businesses, and nonprofit organizations, realized their growth required the migration of their present monitoring system to a more powerful solution.

Challenges

As part of this migration, our client identified several challenges:

  • The need to protect secrets by monitoring their system from potential security threats, which would ensure granular, role-based access to only authorized users.
  • A reliable and highly available solution to host secrets.
  • Round-the-clock platform monitoring, which would allow for a highly available monitoring system.

The client also desired other features, including:

  • Proven cybersecurity
  • A modern platform with a long support cycle
  • Flexibility and extensibility
  • The ability to perform self-diagnostics and auto-remediation

During their preliminary research into the project, the client recognized the scope of the migration would require the help of a reliable technology partner with extensive expertise in cybersecurity: a partner with a proven track record in planning and executing complex projects with distributed product development teams using the latest best practices. SoftServe got the nod.

Solution

Following an initial review of the client’s requirements and goals for the project, SoftServe selected HashiCorp Vault as one of the key tools to be deployed, along with a Zabbix monitoring solution.

Vault works by authenticating and authorizing users, machines, and apps before providing them access to secrets or stored sensitive data. It gives users access controls, dynamic secrets, and the ability to audit and revoke secrets.

To satisfy Zabbix’s requirements for an uninterrupted connection to the Vault cluster, an integrated storage (Raft) backend was chosen for data replication. PowerDNS was chosen as a load-balancing mechanism to access Vault.

Planning and project implementation

In planning this project, a dedicated team from SoftServe was formed, joining members of our client’s DevOps team to determine their requirements.

SoftServe designed, configured, and implemented a new monitoring system, along with PowerDNS and HashiCorp Vault to satisfy the high availability requirements. Our solution allowed this client to monitor several parameters within a network, including the health and integrity of associated servers.

The tech stack

  • Zabbix
  • PostgreSQL
  • HashiCorp Vault
  • PowerDNS

Results

SoftServe developed a reliable monitoring solution with secure methods for storing secrets and other sensitive information. The team also automated the provisioning of customer services to the Zabbix monitoring system. That allowed our client’s DevOps teams to onboard services to the Zabbix monitoring system and create a predefined secret engine within HashiCorp Vault.

Overall, HashiCorp Vault can protect you from leaked credentials that can damage your organization’s business and reputation: you can configure your generated secrets to expire automatically, or to be maintained for as long as you desire.

Want to learn more about how SoftServe can help you strengthen and improve your organization’s platform security and best practices using HashiCorp Vault? Click the button below and let’s talk!
