Migrate Secrets from AWS Secrets Manager to HashiCorp Vault with Terraform
- Published: 31 Jul 2024
- Learn how to migrate secrets from #aws Secrets Manager to HashiCorp Vault with Terraform.
Andrew at Money Leaves Bank finally convinced Claire, his CIO, that HashiCorp #Vault should be their secrets management solution as they are becoming a multi-cloud company. Now he is faced with the challenge of migrating their secrets hosted in AWS Secrets Manager to HashiCorp Vault. In this blog post, learn why Andrew decides to use #terraform for this task and how he implements the solution.
To accomplish his task, Andrew considers a couple of options:
1. He could use a multi-purpose language such as Python to get the secrets from AWS Secrets Manager and populate them in HashiCorp Vault
2. He could use a widespread domain-specific language such as Terraform to do the same task
While both options are valid, he considers the expertise within his platform engineering team and finds that his team is more comfortable with Terraform. Moreover, they are adopting a multi-cloud strategy. They just started adding apps to Azure, and within 6 months the dev team will build some apps in Google Cloud to leverage GCP's machine learning services. He wants to encourage his team to continue working with Terraform.
One downside to using Terraform for this task is that the secrets will show up in Terraform's state file. He needs to plan for this. He decides to use Terraform Cloud to store the state file securely. Once the secrets are moved successfully he can destroy the Terraform workspace to remove all traces of these secrets.
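The approach described above, sketched as a Terraform configuration. This is an added example, not the code or module shown in the video or blog post; the organization, workspace, region, secret names and KV mount are assumptions.

```hcl
terraform {
  # State holds every secret value this run reads or writes, so it is kept
  # in Terraform Cloud instead of a local terraform.tfstate file.
  cloud {
    organization = "example-org" # assumed name
    workspaces {
      name = "secrets-migration" # assumed name; delete after the migration
    }
  }
  required_providers {
    aws   = { source = "hashicorp/aws" }
    vault = { source = "hashicorp/vault" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

# Address and token come from VAULT_ADDR / VAULT_TOKEN, set as sensitive
# workspace environment variables, never from this file.
provider "vault" {}

variable "secret_names" {
  description = "AWS Secrets Manager secret names to copy (constructed samples)"
  type        = set(string)
  default     = ["app/db-credentials", "app/api-key"]
}

# Read the current version of each secret. secret_string lands in state.
data "aws_secretsmanager_secret_version" "src" {
  for_each  = var.secret_names
  secret_id = each.value
}

# Write each secret to Vault under the same name. data_json lands in state
# as well, which is why the workspace is removed once the copy is verified.
resource "vault_kv_secret_v2" "dst" {
  for_each = var.secret_names
  mount    = "secret" # assumed: an existing KV v2 mount
  name     = each.value
  # KV v2 expects a JSON object; wrap plaintext (non-JSON) secrets in one.
  data_json = jsonencode(try(
    jsondecode(data.aws_secretsmanager_secret_version.src[each.key].secret_string),
    { value = data.aws_secretsmanager_secret_version.src[each.key].secret_string }
  ))
}
```

Deleting the workspace discards the state and leaves Vault untouched; running `terraform destroy` is a different operation and would remove the `vault_kv_secret_v2` secrets from Vault.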
▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:17 - Scenario
01:36 - Terraform Public Module Overview
03:49 - Terraform101 and Vault101 Announcements
07:07 - Demo Starts
11:52 - Secrets in the State File
12:39 - Important Closing Remarks
▬▬▬▬▬▬▬▬ Useful Links 🛠 ▬▬▬▬▬▬▬
- Blog post ► tekanaid.com/posts/migrate-se...
- Code ► tekanaid.com/posts/migrate-se...
How exactly are you running the Vault cluster? Is it self-hosted on some VMs anywhere? More details on that, plz. That's what I am planning to run.
Perhaps any guide?
In this video I'm using HCP Vault, which is a SaaS offering by HashiCorp. I have a full course talking about Vault for Operators. I talk about deployment in production environments. I deploy it for HA in AWS in an autoscaling group. I also deploy it in EKS in K8s. It's called Vault 202; check the courses page at courses.tekanaid.com
Why this migration? Does AWS Secrets Manager present some drawbacks compared to Vault?
Vault has many more features than AWS Secrets Manager. Also, Vault is cloud agnostic.
A demo using a bash CLI would be better.
Could be, check out this one doing it with Python ruclips.net/video/lcOYsNdncp0/видео.html