Just Enough About Vault: Keeping Your Sensitive Information Safe

Dear Friend,

A secrets vault is secure storage for sensitive information, such as passwords, keys, tokens, and other credentials.

Here are some examples of components stored in a secrets vault:

  • API Keys
  • Database credentials
  • Certificates and private keys

Storing these components in a secrets vault ensures that they are secure and accessible only to authorized users and applications.

A simple use case: how Vault works

Suppose you are building a web application requiring third-party API access. To authenticate with this API, you need an API key, a secret that should not be exposed to the public.

First, you would set up a Vault instance and configure it to store secrets. You would then create a policy that defines which users or applications are authorized to access the API key.

Then, you would generate a new API key and store it securely in Vault. When you store the API key, Vault automatically encrypts it and keeps it encrypted.

When your web application needs to access the API, it requests Vault to retrieve the API key. The application would first authenticate with Vault using its own set of credentials (e.g., a username and password).

Once the application is authenticated, it sends a request to Vault asking for the API key. Vault then checks the policy to ensure the application can access the key, and retrieves the key from its encrypted storage.

Finally, Vault returns the API key to the web application, which can then use it to authenticate with the third-party API.
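
The retrieval steps above, as an added example that is not part of the original article: a Python client for the web application that logs in with a username and password and reads the key over Vault's HTTP API. The Vault address, the KV v2 mount `secret/`, the path `webapp/api-key`, the field name `value` and the policy shown in the comment are assumptions.

```python
import json
import urllib.error
import urllib.request

# Assumptions (not from the article): KV v2 mounted at "secret/", userpass auth
# enabled, and this operator-written policy attached to the application's user:
#   path "secret/data/webapp/api-key" { capabilities = ["read"] }
VAULT_ADDR = "http://127.0.0.1:8200"  # assumed local server; use TLS in production


def http_transport(method, url, headers, body):
    """Default transport: a real HTTP call. Returns (status, parsed JSON)."""
    data = json.dumps(body).encode() if body is not None else None
    headers = dict(headers, **{"Content-Type": "application/json"})
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def login(username, password, transport=http_transport):
    """The application authenticates with its own credentials, gets a token."""
    status, doc = transport(
        "POST", f"{VAULT_ADDR}/v1/auth/userpass/login/{username}",
        {}, {"password": password})
    if status != 200:
        raise PermissionError(f"Vault login failed ({status}): {doc.get('errors')}")
    return doc["auth"]["client_token"]


def read_secret(token, path, field, transport=http_transport):
    """Vault checks the token's policy, decrypts the entry, returns the value."""
    status, doc = transport(
        "GET", f"{VAULT_ADDR}/v1/secret/data/{path}",
        {"X-Vault-Token": token}, None)
    if status == 403:
        raise PermissionError(f"policy does not allow read on {path}")
    if status != 200:
        raise RuntimeError(f"Vault read failed ({status}): {doc.get('errors')}")
    return doc["data"]["data"][field]  # KV v2 nests the payload under data.data


def fetch_api_key(username, password, transport=http_transport):
    """Full flow from the use case: authenticate, then request the API key."""
    token = login(username, password, transport)
    return read_secret(token, "webapp/api-key", "value", transport)
```

The `transport` parameter lets the same functions run against a stub in unit tests, so the application's handling of a denied login or a 403 from the policy check can be verified without a live Vault.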

[Figure: a sequence diagram illustrating the use case]

What's Next?

Get hands-on at HashiCorp's official site

Join the DevOps Stories newsletter to receive weekly stories

Feel free to connect with me on LinkedIn

Philip Davis

Record Setting Business Advisor @ G&A Partners

1 year

Thank you for this Rajesh!

Thanks for the post! Good one for morning read.
