Retrieving Secrets Securely

Thomas Gray recently posted about how he and his team integrated with Vault for secret management using Rancher as a source of truth for authentication and authorisation. This is a follow-on post which discusses how my team and I approached a similar problem. What did we need to do? We were building authentication and authorisation services …

Generating New Master Key Shares in Vault

Vault makes use of Shamir's secret sharing scheme to split a master key into n pieces, requiring at least k of them to be presented at 'unseal' time. At initialisation time, the user specifies what values n and k should take. Vault does not make it possible to change the number of shares after initialisation …

White paper on the secret sharing implementation in Hashicorp’s Vault

Securing a secret, whether it's a password, sensitive information or a cryptographic key, is hard to get right. Hashicorp's Vault attempts to remove the headaches by providing simple APIs no matter what form the storage back-end takes. I have just finished a report which looks into part of the implementation of Vault to show the mechanisms used to protect users' …