Vault 0.11 新特性抢鲜看: Valut Agent

Vault 0.11 新特性抢鲜看: Valut Agent

AUG 26 2018    ANDY MANOSKE

The Vault team is quickly closing on the next major release of Vault: Vault 0.11. As we approach the release we will preview some of the new functionality coming soon to Vault Open Source and Vault Enterprise.

This post will focus on Vault Agent: a new feature in all versions of Vault that manages the process of secure introduction and the management of tokens for accessing dynamic secrets.

One common challenge we've heard throughout Vault's life is something we call within HashiCorp the "Secret Zero Problem". Securely introducing a secret into an application or local environment can be challenging for users uncomfortable with significantly altering application logic.

If that secret is a dynamic secret, and the token granting access for that secret must be refreshed on a given interval, then implementing logic to properly maintain access tokens for that secret's availability can become complicated.

Vault Agent is a solution to the Secret Zero problem of secure introduction. Agent allows you to configure a Vault binary to automatically authenticate to Vault and manage the token renewal process for locally-retrieved dynamic secrets.

Agent permits this by allowing users to configure Auto-Auth for a configured Auth Method with a local Vault Binary. Auto-Auth will allow Vault Agent to handle token renewal for them and Agent will also intelligently deal with connectivity issues and other edge cases around token renewal that could lead to performance or accessibility issues for Vault users or applications.

Once authenticated, Vault Agent interacts with a sink: a designated local repository for access tokens. Vault Agent will ensure that the tokens deposited into the sink are always fresh and available for local applications and users to use in accessing secrets or workflows within a Vault server. This obviates the need for users or applications to write logic managing token renewal, allowing them to simply point to tokens within a sink when making requests via the Vault API or another framework communicating with a Vault server.

With the launch of Vault 0.11, Vault Agent will primarily focus on file pathsas a sink. However we will likely expand options in future versions of Vault.

What's Next?

Vault 0.11 contains Vault Agent and a host of other features, such as Namespaces. For more on Vault, see the Vault changelog and stay tuned on the HashiCorp Vault Blog.

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。