by gopaz
2397 days ago
Also interested in this, we have a fairly large setup and it's always interesting to see how others use it. Especially around Vault, it never really clicked for me, I fail to see how it helps most of the time; if a user can trigger X that will generate a key on the fly, what prevents a hacker from doing the same, etc...
|
It's a complexity-compartmentalization trade-off that is usually recommended for better IT sec posture. Allows other stuff [IDS - intrusion detection system] to be built on top more easily.
Basically leads to the secrets in the secret vault mentality, so any time you see a secret not in the vault, you can sound the alarm.