As someone who has been involved in various IT environments over more than two decades (public/private), I’ve had the opportunity to work with many diverse groups and platforms. I’ve seen the transition from basic HTML to dynamic websites, from server sprawl to virtual machine consolidation to containers. As a result, I’ve seen both large and small organizations begin to reduce their overall infrastructure, speed up application development, move data in near real-time, and seek to increase service resilience.
With all these changes over time, there is one item that has not been truly addressed until recently. This is the concept of “secret sprawl”. We all have seen the growth of using passwords, keys, and/or certificates in our daily life. For anyone in the IT industry this is a given truth. The question boils down to how do we manage the sprawl of secrets?
As I’ve started to answer this question, I came upon the HashiCorp suite of products that allows organizations to manage a wide range of topics. The one that stuck out to me was the HashiCorp Vault product. After spending a lot of time in the Oracle ecosystem, I find it interesting that most of the HashiCorp products do not focus on this ecosystem. I can only reason this is due to Oracle’s slow progression into the cloud. The other platforms (AWS, Microsoft, Google) are all supported, but Oracle still has to win over the HashiCorp staffers to get recognized. The good news is that this doesn’t preclude HashiCorp products from working with the Oracle ecosystem. I’m actually using it to secure secrets on-premises and in OCI.
I’m excited to share my learning journey so you can begin utilizing Vault within your organizations to control the sprawl of secrets. At the same time, you can automate password rotations, dynamically support application users, and secure secrets across on-premises or any cloud.
To get started with HashiCorp Vault, I recommend diving into the Getting Started collection. This collection of tutorials walks you through the core features and functionality of Vault. The interactive labs provide you a great way of learning by doing, all from your web browser. In addition to the introduction tutorials, the Certification Guide is great for guiding you through a personal learning journey. These interactive labs and the certification guide lend themselves to how you want to learn, making it easy for anyone to quickly understand HashiCorp Vault. No matter how you learn, you can understand the outline and cover the core concepts by learning small lessons while still staying at a high level.
With HashiCorp Vault’s focus on security, encryption, and controlling secrets sprawl, I still found some of the concepts were challenging to grasp due to the thought process needed to map out concepts. Throughout my career, I have been using different secret management approaches, but a lot of them were either copying spreadsheets, storing secrets on a SharePoint site for various reasons, or just by whoever knew the information. This made the discovery of HashiCorp Vault that much more valuable in changing these concepts and cultures.
Next Steps … let the fun begin
After learning the basics of HashiCorp Vault, the next step for me was to learn as much as I could by implementing the knowledge gained from the Getting Started guides. This helped me solidify the concepts within a familiar environment on my local development framework (VBox & Docker). The added benefit here is that I now have a security layer built within my development framework that allows me to control all secrets from a centralized interface. Whether I’m working in Oracle, AWS, GCP, Azure, or on-premises (Oracle, Postgres, etc.), I have a reliable solution to retain secrets.
As the world in which we work and the technology we use evolve, it is great to see a company like HashiCorp producing products that drive a global approach to security.
I’ll continue to create and update HashiCorp Vault content that best serves customers and hopefully helps others along their learning journey.
I wish you all the best as you begin looking at this secrets management tool and finding ways to integrate it into your ecosystems. If I can help in any way, please reach out.
I’m Bobby Curtis and I’m just your normal average guy who has been working in the technology field for a while (started when I was 18 with the US Army). The goal of this blog has changed a bit over the years. Initially, it was a general blog where I wrote thoughts down. Then it changed to focus on the Oracle Database, Oracle Enterprise Manager, and eventually Oracle GoldenGate.
If you want to follow me in a more timely manner, I can be followed on Twitter at @dbasolved or on LinkedIn under “Bobby Curtis MBA”.