Using Puppet With A Secrets Server
8 October 2015
© 2015 Conjur. All rights reserved.
Hi!
@KingOAuth
Agenda
• Why Deploy a Secrets Server?
• Secrets Management Best Practices
• Puppet & Secrets Walkthrough
WHY DEPLOY A SECRETS SERVER?
Why Deploy A Secrets Server?
Because you need to:
• Store
• Manage
• Distribute
Secrets such as:
• SSL Certificates
• App/DB Passwords
• API Keys
• Dynamic Credentials
Core Components of a Secrets Server
• End to End Encryption
• RBAC for People, Machines, and Code
• Self Auditing
• Fully Programmable with Fine Granularity
• Highly Available Across Any Cloud
SECRETS MANAGEMENT BEST PRACTICES
Secrets Management Best Practices
1. Define A Policy
2. Get Your Secrets Into Source Control
3. Create Host Factories
4. Increase Velocity
5. Orchestrate with the DevOps Tool Chain
1. Define A Policy
– Policy defines security rules for the infrastructure in code.
• Which people, machines are allowed/denied?
• Which credentials will they require?
• Which services are allowed to talk to each other?
2. Get Your Secrets INTO Source Control
– Secrets.yml
• http://conjurinc.github.io/summon/
– Ability to rotate keys on-demand
3. Create Host Factories
– A mechanism for “lifting” a new host (machine, container, or PaaS application) into a privileged computing role.
– Key component to delivering securely at speed
4. Increase Velocity
– The goal is to deploy to production on-demand, so consider the tool chain as well.
– Frees up the Puppet Master from being a security choke point
5. Orchestrate with the DevOps Tool Chain
PUPPET & SECRETS WALKTHROUGH
Using Node-Side Secrets With Puppet
* Presented at PuppetCamp Boston, 2014.
Secrets In Manifests
Secrets in hiera
Encrypted hiera entries
Node-Obtained Secrets
Summary
THANK YOU!
www.conjur.net
@ConjurInc