Secret Management with Vault (and more)
Brian Nuszkowski
● Philosophy
● Architecture
● Components
● Implementation and Scale
“don't put your eggs in one basket”
“a bird in the hand is worth two in the bush”
“not perfect, but better”
Philosophy
Problem Statement #1: Managing Secrets
Move something, from someplace
To Somewhere
SECRET SECURELY
Operation: Move The Keys
cert.key
How do you protect and store this?
How is this transport managed?
Philosophy
Obtain
Identify
Placement
SECRET
Operator
Philosophy
IAM
SECRET
Philosophy
IAM
SECRET
system
operator
process
Recap
Problem Statement #1: Managing Secrets
Problem Statement #2: Secure Operations can be Complicated
Architecture
● Written in Golang
● Single binary for client and server
○ Other clients available
● HTTP API Interface
● Interaction Languages
○ JSON
○ HCL (HashiCorp Configuration Language)
storage*
auth + policies
secret
audit
plugin
barrier
configuration
barrier
encryption key
master key
storage
Master Key: key encryption key (KEK)
Encryption Key: data encryption key (DEK)
Data
Barrier Sealed State
Encryption Key: data encryption key (DEK)
Data
Barrier Unsealed State
Master Key: key encryption key (KEK)
Encryption Key: data encryption key (DEK)
Data
Master Key
c2fc4cc7f02da94cd1d621921dff56dc2485407cd0c39b5e5c7422f7d806fe8f
Problem Statement Infinity: Managing Master Key
Move something, from someplace
To Somewhere
SECRET SECURELY
Shamir’s Secret Sharing
c2fc4cc7f02da94cd1d621921dff56dc2485407cd0c39b5e5c7422f7d806fe8f
5d9be2c763a2e90ecdd4ccfc364d0ab4
37c0fcbda5a4dc65b439da18a43ce7fd
0be3021b7874b2e616504e20fa842330
019aa865d9b8449b7fc3bb64b6341bd0
ed8b816a75c88c55a75f21b5bb456cc9
m of n
Unseal keys
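The m-of-n split on this slide, worked through as an added example (not code from the talk or from Vault): a minimal Shamir split and combine over GF(2^8), applied byte by byte. The 3-of-5 threshold, the function names and the sample key are assumptions made for illustration.

```python
import secrets

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254, since a^255 == 1 for every non-zero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result

def split(secret: bytes, n: int, m: int):
    """Split secret into n shares (x, y_bytes); any m of them rebuild it."""
    if not 2 <= m <= n <= 255:
        raise ValueError("need 2 <= m <= n <= 255")
    shares = [(x, bytearray()) for x in range(1, n + 1)]  # x = 0 would be the secret itself
    for secret_byte in secret:
        # Fresh random polynomial of degree m-1 per byte; the constant term is the secret byte.
        coeffs = [secret_byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for x, ys in shares:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            ys.append(y)
    return [(x, bytes(ys)) for x, ys in shares]

def combine(shares) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("share x-coordinates must be distinct and non-zero")
    length = len(shares[0][1])
    if any(len(ys) != length for _, ys in shares):
        raise ValueError("shares have different lengths")
    secret = bytearray(length)
    for i, (xi, ys) in enumerate(shares):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = gf_mul(num, xj)       # (0 - xj) == xj in characteristic 2
                den = gf_mul(den, xi ^ xj)  # (xi - xj) == xi XOR xj
        weight = gf_mul(num, gf_inv(den))
        for k, y in enumerate(ys):
            secret[k] ^= gf_mul(y, weight)
    return bytes(secret)

if __name__ == "__main__":
    master_key = bytes(range(32))  # constructed 256-bit sample key, not a real one
    unseal_keys = split(master_key, n=5, m=3)
    assert combine(unseal_keys[1:4]) == master_key
    assert combine(unseal_keys[:2]) != master_key  # below threshold: wrong bytes, no error
```

Combining fewer than m shares does not fail; it returns wrong bytes, so the result has to be validated by whatever consumes it.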
Key Notes
Unseal Philosophy
● Manually
● Sidecar
● Auto Unseal*
● HSM**
Maintenance
● Rekey
● Rotation
Components
storage*
auth + policies
secret
audit
plugin
barrier
storage
ha_storage
Storage Backends
● All storage backends store data
● Not all storage backends support HA
● Mix-n-Match
● Community Supported
Backends*
Azure
CockroachDB
Consul
CouchDB
DynamoDB
Etcd
Filesystem
Google Cloud Storage
Google Cloud Spanner
In-Memory
Manta
MySQL
PostgreSQL
Cassandra
S3
Swift
Zookeeper
Write Your Own!
*Subject to change
Storage Backends
storage "mysql" {
  address  = "rds-thingy-us-east-2.aws.computer.net"
  username = "hugo"
  password = "stiglitz"
  database = "vault"
}

ha_storage "dynamodb" {
  ha_enabled = "true"
  region     = "us-west-2"
  table      = "vault-data"
}
Auth Backends
auth & policies
Auth Backends
token
auth & policies
LDAP
AWS IAM
approle
github
username/password
k8s
Okta
X-Vault-Token: <YOURTOKEN>
Auth Backends - Token
Key                 Value
---                 -----
accessor            031b86b6-479c-6d60-c259-adfe3cde7579
creation_time       1505450722
creation_ttl        300
display_name        token-cool-token
expire_time         2017-09-15T00:50:22.010528189-04:00
explicit_max_ttl    0
id                  b9c958e9-0087-14f1-99b0-07710841f7f9
issue_time          2017-09-15T00:45:22.010527976-04:00
meta                map[department:computer]
num_uses            0
orphan              false
path                auth/token/create
policies            [default the-ting-go]
renewable           true
ttl                 276
token
Special tokens:
● Root
● Periodic
● Orphan
○ Parent
■ Child1
■ Child2
● GrandChild
■ Child3
● Lease, Renew, and Revoke
● TTL
○ System
○ Mount
○ At-creation
○ Explicit max
accessor
“The token is the back on which all other authentication is built”
Auth Delegation Implementations + Implications
policies
Attached to the user token as explicitly defined or via group membership
token policies policies
policies
path "secret/*" {
  capabilities = ["create"]
}

path "secret/foo" {
  capabilities = ["read"]
}

path "auth/token/lookup-self" {
  capabilities = ["read"]
}
● default
● root
● HCL or JSON
policies
● create (POST/PUT)
● read (GET)
● update (POST/PUT)
● delete (DELETE) - Allows deleting the data at the given path.
● list (LIST)
● sudo
● deny
policies
path "secret/thing" {
  capabilities = ["create"]
  allowed_parameters = {
    "bar" = ["zip", "zap"]
    "whatever" = []
  }
}
Backends
secret
Secret Engines
AWS
Consul
Cubbyhole
Databases
Google Cloud
Key/Value
Identity
Nomad
PKI (Certificates)
RabbitMQ
SSH
TOTP
Transit
Secret Engine - Key/Value
kv/ (aka secret/)
❯ vault write secret/something username=whatever password=thing
Success! Data written to: secret/something
❯ vault read secret/something
Key                 Value
---                 -----
refresh_interval    768h0m0s
password            thing
username            whatever
❯ vault write secret/something password=newpw
Success! Data written to: secret/something
❯ vault read secret/something
Key                 Value
---                 -----
refresh_interval    768h0m0s
password            newpw
Secret Engine - PKI
Old Way:
● Create Private Key
● Create CSR
● Submit CSR
● WAIT
New Way:
● vault write pki/issue/standard common_name=svc.company.com
● Good for End Users
● Even Better for Systems
Secret Engines
SSH
● Signed SSH Certificates
● One Time SSH Passwords
TOTP
❯ vault read totp/code/brian
Key     Value
---     -----
code    666989
Transit
● Encrypt/Decrypt
● Random Byte Generator
● Hashing
● HMAC
● Signatures
Backends
audit
Backend - Audit
{"time":"2018-04-25T18:43:32.6798613Z","type":"request","auth":{"client_token":"hmac-sha256:0960371a906ddf61e89d4d9246259ee9d4dac0f18880f3ecceada5e4184b7a44","accessor":"hmac-sha256:62c0c468c8fc68fa9d79f55ebb2dee740c6090c9435acb89fd81778aee8f1385","display_name":"root","policies":["root"],"metadata":null,"entity_id":""},"request":{"id":"d7efb81a-9457-0f19-848a-fef3a210c799","operation":"update","client_token":"hmac-sha256:0960371a906ddf61e89d4d9246259ee9d4dac0f18880f3ecceada5e4184b7a44","client_token_accessor":"hmac-sha256:62c0c468c8fc68fa9d79f55ebb2dee740c6090c9435acb89fd81778aee8f1385","path":"secret/data/hello","data":{"data":{"mysecret":"hmac-sha256:189578c2e7314c850f63071e7842f643b1d8c1b6380c8d5599c9d674ff284997"},"options":{}},"policy_override":false,"remote_address":"127.0.0.1","wrap_ttl":0,"headers":{}},"error":""}
{"time":"2018-04-25T18:43:32.680390805Z","type":"response","auth":{"client_token":"hmac-sha256:0960371a906ddf61e89d4d9246259ee9d4dac0f18880f3ecceada5e4184b7a44","accessor":"hmac-sha256:62c0c468c8fc68fa9d79f55ebb2dee740c6090c9435acb89fd81778aee8f1385","display_name":"root","policies":["root"],"metadata":null,"entity_id":""},"request":{"id":"d7efb81a-9457-0f19-848a-fef3a210c799","operation":"update","client_token":"hmac-sha256:0960371a906ddf61e89d4d9246259ee9d4dac0f18880f3ecceada5e4184b7a44","client_token_accessor":"hmac-sha256:62c0c468c8fc68fa9d79f55ebb2dee740c6090c9435acb89fd81778aee8f1385","path":"secret/data/hello","data":{"data":{"mysecret":"hmac-sha256:189578c2e7314c850f63071e7842f643b1d8c1b6380c8d5599c9d674ff284997"},"options":{}},"policy_override":false,"remote_address":"127.0.0.1","wrap_ttl":0,"headers":{}},"response":{"data":{"created_time":"hmac-sha256:4452da60561049f58d83f91796065a79465efcc8211f34e89a568821a96af0f0","deletion_time":"hmac-sha256:43ea9f7f97a2deeade77fcc2ff3ad7ea27ad531a6b30a990c99d2861ba9dd289","destroyed":false,"version":2}},"error":""}
Audit Intelligence
● Root Token Usage
● Raw Barrier Usage
● Usage Analytics
○ Request Breakdown
○ Active Users
○ Request Errors
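The checks listed on this slide, run over audit entries in the shape shown on the previous one, as an added example (not code from the talk or from Vault). The log lines are constructed, and treating paths under `sys/raw` as raw barrier access is an assumption of this sketch.

```python
import json
from collections import Counter

# Constructed sample entries modelled on the slide's audit lines (not real Vault output).
# The last line is deliberately truncated.
SAMPLE_LOG = '''
{"time":"2018-04-25T18:43:32Z","type":"request","auth":{"display_name":"root","policies":["root"]},"request":{"id":"r1","operation":"update","path":"secret/data/hello","remote_address":"127.0.0.1"},"error":""}
{"time":"2018-04-25T18:43:32Z","type":"response","auth":{"display_name":"root","policies":["root"]},"request":{"id":"r1","operation":"update","path":"secret/data/hello","remote_address":"127.0.0.1"},"error":""}
{"time":"2018-04-25T18:44:10Z","type":"request","auth":{"display_name":"ldap-alice","policies":["default","app-read"]},"request":{"id":"r2","operation":"read","path":"secret/data/app","remote_address":"10.0.0.7"},"error":""}
{"time":"2018-04-25T18:44:10Z","type":"response","auth":{"display_name":"ldap-alice","policies":["default","app-read"]},"request":{"id":"r2","operation":"read","path":"secret/data/app","remote_address":"10.0.0.7"},"error":""}
{"time":"2018-04-25T18:45:01Z","type":"request","auth":{"display_name":"approle-ci","policies":["default","ci"]},"request":{"id":"r3","operation":"read","path":"sys/raw/constructed/path","remote_address":"10.0.0.9"},"error":""}
{"time":"2018-04-25T18:45:01Z","type":"response","auth":{"display_name":"approle-ci","policies":["default","ci"]},"request":{"id":"r3","operation":"read","path":"sys/raw/constructed/path","remote_address":"10.0.0.9"},"error":"permission denied"}
{"time":"2018-04-25T18:46:00Z","type":"requ
'''

RAW_PREFIX = "sys/raw"  # assumed API prefix for raw barrier access

def analyze(log_text: str) -> dict:
    """Summarise one audit log: root use, raw barrier use, errors, usage counts."""
    report = {
        "root_token_use": [],
        "raw_barrier_use": [],
        "request_errors": [],
        "requests_by_operation": Counter(),
        "active_users": Counter(),
        "unparsed_lines": 0,
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            report["unparsed_lines"] += 1  # truncated or damaged line: count it, keep going
            continue
        auth = entry.get("auth") or {}
        req = entry.get("request") or {}
        who = auth.get("display_name") or "unauthenticated"
        path = req.get("path") or ""
        if entry.get("type") == "request":  # each call logs a request and a response; count once
            report["requests_by_operation"][req.get("operation")] += 1
            report["active_users"][who] += 1
            if "root" in (auth.get("policies") or []):
                report["root_token_use"].append((entry.get("time"), path, req.get("remote_address")))
            if path == RAW_PREFIX or path.startswith(RAW_PREFIX + "/"):
                report["raw_barrier_use"].append((entry.get("time"), who, path))
        if entry.get("error"):
            report["request_errors"].append((req.get("id"), who, entry["error"]))
    return report

if __name__ == "__main__":
    for name, value in analyze(SAMPLE_LOG).items():
        print(name, value)
```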
Implementation & Scale
System Implementation/Design + Evolution
vault
System Implementation/Design + Evolution
vault vault-a vault-b
**
vault vault-a vault-b vault-a vault-b vault-c
load balancer
**remember storage and HA?
** **
deployment implications: isolation, containerization, etc
Adoption and Scaling
● Technical Scaling is straightforward
● Scaling adoption and policy management is not
○ 4 questions for onboarding:
1. Identify what data will be stored in Vault
a. Or if other secret backends need to be leveraged
2. Identify who will manage this data
3. Identify and document who (user) or what (robots, computers, applications, etc) will need access to read this data
4. Using #3, identify and implement an adequate authentication and retrieval method
Advanced Topics
● Plugins
● Sentinel
● Read the API Docs
● Read the Code
The End