Use Case
Dynamic App Config with Vault Dynamic Secrets
Learn how to source dynamic secrets from HashiCorp Vault in your Waypoint deployments using dynamic configuration.
Use case
Source dynamic secrets from HashiCorp Vault in your Waypoint deployments using dynamic configuration.
Challenge
With static application configuration, secrets are created ahead of time and shared. Credentials can be long lived when expiration dates are not explicitly defined. The result is a significantly higher chance of access leaking into non-authorized users.
Solution
Source dynamic secrets from Vault in a Waypoint deployment. The HashiCorp Vault config sourcer plugin can be used to source dynamic secrets from the Vault KV secrets engine. This is a huge benefit for the security of your application, as any possibly leaked secrets would automatically expire after a pre-configured amount of time, among other things.
Use Case
Learn how to source dynamic secrets from HashiCorp Vault in your Waypoint deployments using dynamic configuration.
Documentation
Waypoint can sync application configuration values with external systems such as Kubernetes ConfigMaps, HashiCorp Vault, Amazon Parameter Store, and more.
DOCUMENTAION
You can access external data from a waypoint.hcl such as Vault secrets, Kubernetes configuration, Terraform outputs, and more.
TUTORIAL
Vault can generate secrets on-demand for some systems.
TUTORIAL
Use Consul Template and Envconsul with Vault
TUTORIAL
To increase the availability of tokens and secrets to the clients, Vault Agent introduced the Caching function.