Published on 00/00/0000
Last updated on 00/00/0000
Published on 00/00/0000
Last updated on 00/00/0000
Share
Share
INSIGHTS
5 min read
Share
Bank-Vaults is a thick, tricky, shifty right with a fast and intense tube for experienced surfers only, located on Mentawai. Think heavy steel doors, secret unlocking combinations and burly guards with smack-down attitudes. Watch out for clean-up sets.
Bank-Vaults is a wrapper for the official Vault client with automatic token renewal, built in Kubernetes support, dynamic database credential management, multiple unseal options, automatic re/configuration and more.At Banzai Cloud, we've been building an open source next generation platform as a service, called Pipeline, which is constructed on top of Kubernetes. With the Banzai Cloud Pipeline platform, we provision large, multi-tenant Kubernetes clusters on all major cloud providers, and deploy different workloads to these clusters. We needed to find an industry standards-based way for our users to publish and interact with protected endpoints, while simultaneously providing dynamic secrets management for all the applications we support, each of which is
native
to Kubernetes. After several proof-of-concepts, we chose HashiCorp's Vault, and we began to integrate our many Pipeline PaaS components. After awhile, work on this project (all of which is open sourced and available on GitHub) began to feel like reinventing
the wheel, so we decided to externalize all the enterprise grade security features into a new project. Welcome to Bank-Vaults.
Security series: Authentication and authorization of Pipeline users with OAuth2 and Vault Dynamic credentials with Vault using Kubernetes Service Accounts Dynamic SSH with Vault and Pipeline Secure Kubernetes Deployments with Vault and Pipeline Policy enforcement on K8s with Pipeline The Vault swiss-army knife The Banzai Cloud Vault Operator Vault unseal flow with KMS Kubernetes secret management with Pipeline Container vulnerability scans with Pipeline Kubernetes API proxy with PipelineCredit to HashiCorp for open sourcing Vault and making secret management easier and more secure. This project would not have been possible without the open source community.
bank-vaults
CLI tool helps automate the setup and management of Vault.
Features:
vault server -dev
dev mode Vault servers)YAML
is pushed with the CLI tool, we re/configure the Vault cluster in the backend, and apply those changes. Here are a few of our options:
auth
Note: This is currently WIP, we are extracting the code from https://github.com/banzaicloud/pipeline/tree/master/auth
A GitHub OAuth2 based authentication system as Gin Middleware, stores JWT bearer tokens in Vault.vault
A wrapper for the official Vault client with automatic token renewal, and Kubernetes support.database
A helper for creating database source strings (MySQL/PostgreSQL) with database credentials dynamically based on configured Vault roles (instead of username:password
).bank-vaults
. With the help of this chart, you can run a HA Vault instance with automatic initialization and unseal an external configuration, which used to be a tedious manual operation. In addition, this chart can easily be used for development purposes.
bank-vaults
with features such as:
-dev
modeGet emerging insights on emerging technology straight to your inbox.
Discover why security teams rely on Panoptica's graph-based technology to navigate and prioritize risks across multi-cloud landscapes, enhancing accuracy and resilience in safeguarding diverse ecosystems.
The Shift is Outshift’s exclusive newsletter.
Get the latest news and updates on cloud native modern applications, application security, generative AI, quantum computing, and other groundbreaking innovations shaping the future of technology.