Use Case
Dynamic App Config with Vault Dynamic Secrets
Learn how to source dynamic secrets from HashiCorp Vault in your Waypoint deployments using dynamic configuration.
Use case
Dynamic Secrets for Waypoint with Vault
Source dynamic secrets from HashiCorp Vault in your Waypoint deployments using dynamic configuration.
Challenge
Static secrets are vulnerable to exposure via data breaches
With static application configuration, secrets are created ahead of time and shared. Credentials can be long lived when expiration dates are not explicitly defined. The result is a significantly higher chance of access leaking into non-authorized users.
Solution
Minimize the impact of leaky applications by ensuring credentials are ephemeral
Source dynamic secrets from Vault in a Waypoint deployment. The HashiCorp Vault config sourcer plugin can be used to source dynamic secrets from the Vault KV secrets engine. This is a huge benefit for the security of your application, as any possibly leaked secrets would automatically expire after a pre-configured amount of time, among other things.
Docs
Docs
Documentation
Waypoint dynamic app configuration
Waypoint can sync application configuration values with external systems such as Kubernetes ConfigMaps, HashiCorp Vault, Amazon Parameter Store, and more.
DOCUMENTAION
Waypoint dynamic variables
You can access external data from a waypoint.hcl such as Vault secrets, Kubernetes configuration, Terraform outputs, and more.
Tutorials
TUTORIAL
Vault dynamic database credentials tutorial
Vault can generate secrets on-demand for some systems.
TUTORIAL
Direct Application Integration
Use Consul Template and Envconsul with Vault
TUTORIAL
Vault Agent Caching
To increase the availability of tokens and secrets to the clients, Vault Agent introduced the Caching function.
