by captainperl 2750 days ago
> sounds like you have problems in your org unrelated to vault.

Unfortunately for engineers doing the deployment, Vault magnifies any weaknesses your organization already has. That's the nature of centralized key mgmt.

For example, I know one large company ended up using macros to unseal Vault to solve the key mgmt. problem I mentioned. In other words, the unseal keys are in plain text on the servers.

Probably happening more often than you would initially expect since nobody wants to drive down to the data center.

The remarkable thing with AWS KMS is that it's so seamless - it's idiot-proof compared to a self-hosted distributed system.
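The failure mode the commenter describes (shard-based unseal scripted with the key shares sitting on the server) and the KMS alternative, as an added configuration example that is not from the thread; the region, key ID and file paths are placeholders.

```hcl
# Vault server configuration (constructed example, not from the thread).
#
# The default seal uses Shamir key shares: after every restart an operator
# must run `vault operator unseal` with a threshold of shares. The "macro"
# approach the commenter mentions automates that step, which only works if
# the shares are stored where the script can read them, i.e. in plain text
# on the host, defeating the purpose of splitting the key.
#
# Auto-unseal with AWS KMS replaces the shares: Vault's root key is wrapped
# by a KMS key and unwrapped over the KMS API at start-up, so no unseal
# material is stored on the server. Access is then governed by the IAM role
# of the instance (kms:Encrypt, kms:Decrypt, kms:DescribeKey on that key)
# and every unwrap is recorded in CloudTrail.

storage "file" {
  path = "/opt/vault/data"            # placeholder path
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"   # placeholder path
  tls_key_file  = "/etc/vault/tls/vault.key"   # placeholder path
}

seal "awskms" {
  region     = "us-east-1"                      # placeholder region
  kms_key_id = "REPLACE-WITH-KMS-KEY-ID"        # placeholder key ID
}
```

With a KMS seal the recovery keys that `vault operator init` still prints are needed only for rekeying and generate-root operations, so they can live offline instead of on the server.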

1 comments

Obviously that's not ideal, but it's probably still more secure than using no secret management system at all.