Friday, April 19, 2019

Vault and Consul as a personal credential store


The combination of Vault and Consul has been proclaimed to be the answer to every secrets management problem. In core production environments, Consul on its own has been used as a KV store, for service discovery, and even as a backend datastore. Vault on its own is more of a secrets management system that can be used with different storage backends, of which Consul is one.

A production environment can combine these two tools (Vault as a secure store for passwords, tokens and certificates, Consul as its backend store) for a complete secrets management solution.

If this can be used in production, I thought I could adapt it as my own personal password manager, and I intend to show how I achieved that in this post.

I have a repo on GitHub with everything you will need for this setup.

https://github.com/sksegha/vault-consul-docker


The repo creates two Docker containers: one Vault and one Consul. Vault is the actual secrets management tool, while Consul is the backend storage.

The repo also contains a script that helps set up the "cluster", outputting the encryption keys to a keys.txt file. The Consul data is also saved in the data directory. As long as this data directory exists, your secrets are safe.

If you decide that you want to blow away the installation + data, the cleanup script will do that for you.
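Because keys.txt and the data directory together are everything needed to recover the store, it is worth checking how they sit on disk. The script below is an added example, not part of the repo: it assumes keys.txt and data/ live directly under the directory passed as the first argument, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the directory that holds keys.txt and data/.
# Assumption: both sit directly under the directory given as $1.

# Succeeds when any group/other permission bit is set on $1.
open_to_others() {
    for bit in 040 020 010 004 002 001; do
        [ -n "$(find "$1" -prune -perm -"$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# Prints one line per finding; returns 0 only when there are none.
audit_store() {
    dir=${1:-.}
    keys="$dir/keys.txt"
    data="$dir/data"
    findings=0

    # Consul's state lives here; without it the stored secrets are gone.
    if [ ! -d "$data" ] || [ -z "$(ls -A "$data" 2>/dev/null)" ]; then
        echo "finding: $data is missing or empty"
        findings=$((findings + 1))
    fi

    if [ -f "$keys" ]; then
        # The key file should be readable by its owner only.
        if open_to_others "$keys"; then
            echo "finding: $keys has group/other permissions, run: chmod 600 $keys"
            findings=$((findings + 1))
        fi
        # keys.txt is written into a Git checkout; make sure it was never added.
        if git -C "$dir" ls-files --error-unmatch -- keys.txt >/dev/null 2>&1; then
            echo "finding: keys.txt is tracked by Git, remove it from the index and history"
            findings=$((findings + 1))
        fi
    else
        # Not counted as a finding: the file may have been moved somewhere safer.
        echo "note: no keys.txt in $dir, confirm a copy is kept elsewhere"
    fi

    [ "$findings" -eq 0 ]
}

# Usage: audit_store /path/to/vault-consul-docker
```

Run it after the setup script and again before the cleanup script, since cleanup removes the data directory the first check depends on.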


