Martez Reed- 13 Jul, 2022
Detecting HashiCorp Vault Policy Changes
Security of a HashiCorp Vault deployment is of paramount importance given the sensitive nature of the information contained within the platform. …
-
Martez Reed
- 17 May, 2022
HashiCorp Terraform Checksum Verification
How do we verify that the Terraform binary we download is the same as the one HashiCorp produced? Ensuring the integrity of software is important to …
-
Martez Reed
- 16 May, 2022
HashiCorp Terraform Code Signing
Signing software has become critically important given the recent supply chain attacks. How do we verify that the software we’re downloading is …
-
Martez Reed
- 21 Apr, 2022
Enabling Cloud Workload Identity for vSphere Virtual Machines
One of the major benefits of using the public cloud is the integrated identity and access management (IAM). This simplifies the process of granting …
-
Martez Reed
- 01 Dec, 2021
HashiCorp Vault Unique AppRole Identity Logging
HashiCorp Vault supports several authentication methods for human and non-human access. Several of the non-human authentication methods are tied to …
-
Martez Reed
- 16 Feb, 2021
HashiCorp Vault vSphere Authentication with VMware Event Broker Appliance (VEBA)
HashiCorp Vault supports a number of authentication methods including methods that utilize what HashiCorp refers to as a “trusted …
-
Martez Reed
- 25 May, 2020
Identifying Active HashiCorp Vault Root Tokens
Revoking the root token on a production HashiCorp Vault deployment is one of the recommended best practices for securing an instance of HashiCorp …
-
Martez Reed
- 20 May, 2020
Detecting HashiCorp Vault Root Token Generation
HashiCorp Vault generates a default root token during installation and best practice dictates that the token should be revoked once the deployment has …
-
Martez Reed
- 09 Feb, 2020
Detecting HashiCorp Vault Root Login
Security of a HashiCorp Vault deployment is of paramount importance given the sensitive nature of the information contained within the platform. …
-
Martez Reed
- 07 Aug, 2018
Vault Hardening Compliance using Chef InSpec
HashiCorp Vault is quickly becoming the defacto secrets management platform used in environments that rely on DevOps concepts for application …
-
Martez Reed
- 01 Feb, 2018
Vault Audit Logging
Vault (https://www.vaultproject.io/) is a secrets management tool created by HashiCorp that is extremely popular. Given the sensitive nature of the …
-
Martez Reed
- 01 May, 2017
vRealize Automation 7.2 hardening compliance with vRO and Splunk
In this post we’ll walk through how we can utilize vRealize Orchestrator and Splunk to determine how compliant our vRA appliance is with the …