by jacksonnic
2832 days ago
One of the benefits of using dynamic secrets is that access to, say, databases carries a short TTL. Vault manages the lifecycle of these credentials and will automatically revoke them once the defined lifecycle has expired. To gain access to credentials, a user would authenticate to Vault with, say, LDAP; this access can be controlled centrally with a policy defining access to secrets assigned on an individual user or group level. Should an individual leave an organisation, then the credentials they have obtained from Vault to access a datastore would expire automatically; normal process would apply to remove them from LDAP and disable the ability to require further credentials. There is always a process problem with managing secrets, but dynamic secrets in Vault stop long-lived secrets and reduce unofficial password sharing.