As organizations adopt DevSecOps principles for rapid application delivery, they are heavily leveraging HashiCorp Vault to centrally manage and deliver appropriate secrets to the applications. Vault stores thousands or even millions of highly sensitive secrets in such environments and encrypts them in storage to prevent any unauthorized access. Thales HSM solutions encrypt the Vault master key in a hardware root of trust to provide maximum security and comply with regulatory requirements. In this video, we discuss how organizations can enhance Vault’s security controls by leveraging Thales Luna HSM to meet the most stringent compliance regulations and automate their DevOps processes.
|Thales and HashiCorp Discuss DevSecOps|
Today’s large enterprises operate across many boundaries, acting as a virtual organization in multiple cities and countries. One department that commonly combines efforts from widely dispersed individuals is software development. DevOps, or the processes that enable application development and operations to be combined, adds complexity and security risks not previously seen when programmers were all on-site, behind a firewall, and with access only to development environments. DevOps brings agility and scale, but if not implemented correctly, its processes can be impeded and hacked, adding development time and security risks to the end product.
Addressing this growing need to secure enterprise-class DevOps, Thales has partnered with Venafi and HashiCorp to provide an end-to-end solution for implementing a secure DevOps environment.
|Simplifying DevOps Security with Thales, Venafi and HashiCorp - Solution Brief|
HashiCorp Vault centrally secures, stores, and tightly controls access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. Organizations use HashiCorp Vault to solve security challenges as they adopt cloud and DevOps.
The integration between Thales HSM solutions and HashiCorp Vault enables key advantages:
Master Key Wrapping: Thales HSM solutions encrypt the Vault master key in a hardware root of trust to provide maximum security and comply with regulatory requirements.
Automated Unseal: Master keys are encrypted and stored by the Thales HSMs, allowing users to automatically unseal Vault, using the key stored within the HSM. This eliminates the need for manual unsealing normally done by providing a pre-set minimum number of unseal keys, thereby improving the security posture.
|HashiCorp Vault with Luna Network HSM and Luna Cloud HSM Services - Solution Brief|
|HashiCorp Vault with Luna Network HSM and Luna Cloud HSM Services - Integration Guide|