SoftServe使用HashiCorp Vault工具来保护秘密安全

SoftServe chooses HashiCorp Vault tool to keepa client’s platform secrets secure and accessible to users The client also desired otherfeatures, including: As part of this migration,our client identified severalchallenges: •Proven cybersecurity•A modern platform with along support cycle•Flexibility and extensibility•The ability to performself-diagnostic and auto-remediation •The need to protect secretsby monitoring their systemfrom potential securitythreats, which would ensuregranular, role-based accessto only authorized users. You know that keeping secretssecret on your platform iscrucial. Secret information canbe anything that requires restrictedaccess: customer data, pricinginformation, sales plans, passwords,the list goes on. But the mostimportant thing about secrets is thatthey must be accessible to those whoneed to see them — and not to thosewho shouldn’t. And that doesn’t just apply to fancy,new applications but also ubiquitoustools like a platform monitoringsystem. You can’t get away with usingstatic passwords and keys anymore. Migration from older, less capablesoftware is always a majorundertaking, and it’s essential toensure that your platform’s securitymeasures are up to date. You needa firm set of cybersecurity goalsand tools at the center of yourimplementation plan. •A reliable and highly availablesolution to host secrets. •Round-the-clock platformmonitoring, which wouldallow for a highly availablemonitoring system. SoftServe Uses HashiCorp Vault to Keep Client Secrets SafeSecret handling is now requiredjust about everywhere. That meanssensitive information must be securewith granular access control andcompliance with industry regulationsto make your system less vulnerableand more stable in the face ofpotentially dangerous activities. Our client, a global provider ofhigh-tech expertise and solutionsto governments, businesses, andnonprofit organizations, realizedtheir growth required the migrationof their present monitoring system toa more powerful solution. During their preliminary research into the project, the clientrecognized the scope of the migration would require the help of areliable technology partner with extensive expertise in cybersecurity.A partner with a proven track record in planning and executingcomplex projects with distributed product development teams usingthe latest best practices. SoftServe got the nod. SOLUTION Following an initial review ofthe client’s requirements andgoals for the project, SoftServeselected HashiCorp Vault as one ofthe key tools to be deployed, alongwith a Zabbix monitoring solution. Vault works by authenticating andauthorizing users, machines, andapps before providing them accessto secrets or stored sensitive data. Itgives users access controls, dynamicsecrets, and the ability to audit andrevoke secrets. To satisfy Zabbix’s requirements foran uninterrupted connection to theVault cluster, an integrated storage(RAFT) backend was chosen for datareplication. PowerDNS was chosenas a load-balancing mechanism toaccess Vault. PLANNING AND PROJECTIMPLEMENTATION THE TECHSTACK In planning this project, a dedicated team from SoftServe was formed, joiningmembers of our client’s DevOps team to determine their requirements. ZABBIXPOSTGRESQLHASHICORP VAULTPOWERDNS SoftServe designed, configured, and implemented a new monitoringsystem, along with PowerDNS and HashiCorp Vault to satisfy the highavailability requirements. Our solution allowed this client to monitorseveral parameters within a network, including the health and integrity ofassociated servers. RESULTS SoftServe developed areliable monitoring solutionwith secure methods forstoring secrets and other sensitiveinformation. The team alsoautomated the provisioning ofcustomer services to the Zabbixmonitoring system. That allowed ourclient’s DevOps teams to onboardservices to the Zabbix monitoringsystem and create a predefinedsecret engine within HashiCorp Vault. Overall, HashiCorp Vault can protectyou from leaked credentials that candamage your organization’s businessand reputation by configuring yourgenerated secrets to automaticallyexpire — or be maintained — for aslong as you desire. Want to learn more about how SoftServe can help you strengthen and improveyour organization’s platform security and best practices using HashiCorp Vault?Click the button below and let’s talk! LET’S TALK! About SoftServe We are advisors, engineers, and designers who deliver innovation, quality, andspeed — elevating and accelerating our clients’ digital journeys. Our approach is built on a foundation of empathetic, human-focused experiencedesign that ensures value and continuity from concept to release. Hot Links info@softserveinc.comwww.softserveinc.com Contacts EUROPEAN HQ BERLIN NORTH AMERICAN HQ 201 W 5th Street, Suite 1550Austin, TX 78701+1 866 687 3588 (USA)+1 647 948 7638 (Canada) 30 Cannon StreetLondon EC4 6XHUnited Kingdom+44 333 006 4341 Kurfürstendamm 11Berlin 10719+49 30 300 149 314 0Tol