White paper on the secret sharing implementation in Hashicorp’s Vault

Securing a secret, whether it's a password, sensitive information or a cryptographic key, is hard to get right. Hashicorp's Vault attempts to remove the headaches by providing simple APIs no matter what form the storage back-end takes. I have just finished a report which looks into part of the implementation of Vault to show the mechanisms used to protect user's … Continue reading White paper on the secret sharing implementation in Hashicorp’s Vault

Advertisements

Velocity 2015, 1: Keeping Secrets Secret

I  was fortunate enough to attend Velocity in Amsterdam this year, which followed several major themes - one of which being security. This post was inspired by a presentation given by Alex Schoof entitled "Managing Secrets at Scale". Alex covered many areas, including how to control the use of secrets, how they can be made highly available … Continue reading Velocity 2015, 1: Keeping Secrets Secret