Use case

Dynamic Secrets for Waypoint with Vault

Source dynamic secrets from HashiCorp Vault in your Waypoint deployments using dynamic configuration.

Challenge

Static secrets are vulnerable to exposure via data breaches

With static application configuration, secrets are created ahead of time and shared. Credentials can be long lived when expiration dates are not explicitly defined. The result is a significantly higher chance of access leaking into non-authorized users.

Solution

Minimize the impact of leaky applications by ensuring credentials are ephemeral

Source dynamic secrets from Vault in a Waypoint deployment. The HashiCorp Vault config sourcer plugin can be used to source dynamic secrets from the Vault KV secrets engine. This is a huge benefit for the security of your application, as any possibly leaked secrets would automatically expire after a pre-configured amount of time, among other things.

Get started with Waypoint

The best way to understand what Waypoint can enable for your projects is to give it a try.