by captainperl 2750 days ago
Hi Mitchell.

I had to kill a rollout of Vault at one billion-dollar (revenue) company for the following reasons:

* the engineers doing the PoC could not/would not document how to operate it in production

* the managers did not take the unsealing responsibility seriously ("I'm in mgmt., don't call me on Sundays again.")

* our network was perceived as flaky.

Some cheap solutions are:

* provide some pre-written runbooks for administering Vault that people can cut-and-paste into their wiki

* provide some diagrams and scenarios for unsealing that can be adopted

* have the Vault server monitor and log network health (latency, bad packets, etc.)

1 comments

sounds like you have problems in your org unrelated to vault.
> sounds like you have problems in your org unrelated to vault.

Unfortunately for engineers doing the deployment, Vault magnifies any weaknesses your organization already has. That's the nature of centralized key mgmt.

For example, I know one large company ended up using macros to unseal Vault to solve the key mgmt. problem I mentioned. In other words, the unseal keys are in plain text on the servers.

Probably happening more often than you would initially expect since nobody wants to drive down to the data center.

The remarkable thing with AWS KMS is that it's so seamless - it's idiot-proof compared to a self-hosted distributed system.

Obviously that's not ideal, but it's probably still more secure than using no secret management system at all.