وبلاگ بلیان

Running HashiCorp Vault in Production

جلد کتاب Running HashiCorp Vault in Production

معرفی کتاب «Running HashiCorp Vault in Production» نوشتهٔ Unknown و Dan McTeer, Bryan Krausen، منتشرشده توسط نشر 1 در سال 2020. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Flexibility and security. Two characteristics that cannot be compromised in the age of multi-cloud and DevOps, yet most secrets management tools were designed around the idea that both cannot be achieved together. Enter HashiCorp Vault, built around the philosophy that securing secrets is more effective when the interaction of a secrets management service aligns with other DevOps tools available today. Vault has quickly become the de-facto solution in secrets management over recent years, finding its way into many Global 2000 companies. This book will cover multiple aspects of Vault, from planning the service, architectural design, and deployment of Vault, to managing the service once it is up and running. With a combined 40 years of experience working in technology and more than three years working specifically with Vault, Bryan and Dan walk users through the process of designing and building a production-ready Vault service. NOTE: Paperback copies will be available the same day as the Kindle version. If your prefer a paperback copy, please wait till the release date to order. Bryan Krausen Dan McTeer The Basic Components Paths Secrets Engines Auth Methods Tokens Policies The Vault Service Process Phase 1 - Preparation Phase 2 - User Interaction Phase 3 - Cleanup The Vault API Vault Interfaces Using the API Using the CLI Using the Web UI General Consumer Interaction Administrative Interaction Security and Compliance Interaction Programmatic Interaction Business Requirements Technical Requirements Security Requirements End-User Requirements Requirements Gathering Process Determining Service-Level Objectives Mapping Service-Level Indicators Service-Level Reporting Fault Tolerance Vault Clustering Accessing the Vault Service Node Placement Storage Backend Integrated Storage Consul Storage Backend Replication Design Disaster Recovery (DR) Replication Performance Replication Choosing Between Replication Types Single Cluster Multi-Cluster - Single Region/Data Center Redundancy Scale Limitations Multi-Cluster - Multiple Regions/Data Centers Redundancy Scale Disaster Recovery Integrated Storage Consul Storage Preparation Building the Foundation Deploying Vault Choosing the Support Team Support Team Experience Site Reliability Engineer - Required Experience DevOps Engineer - Required Experience Senior DevOps Engineer Team Composition Support Phases Phase One Phase Two Phase Three Staffing Recommendations Operating System Configuration System Hardening Configure /tmp Disable Auto-Mounting (autofs) Configure SSH Service Accounts Local User Accounts Disable Command History Disable Core Dumps Additional Configuration Log Rotation Configuration Management Building a Base Image Maintaining a Base Image Deployment Vault Configuration File Storage Backend Listener Seal Type Additional Parameters Putting It All Together Vault Service Configuration Vault User Vault Service File Operational Monitoring Security Monitoring Performance Monitoring Tracer Bullets Tools for Success Automated Deployments Configuration Management Service Validation New Build Validation Service Benchmarking Feature Validation Data Restoration Incident Management Support Documentation Onboarding Guides Best Practices Guides Reducing Footprint Managing TTLs Managing Connections Coding for Reliability Segregate Actions Code Examples Quick Start Guides Namespace Management Frequently Asked Questions (Optional) Prepare Build Deploy Launch Common Auth Methods AppRole Auth Method Configuring AppRole Cloud Provider Auth Method Configuring a Cloud Provider Auth Method OIDC Auth Method Configuring the OIDC Auth Method LDAP Auth Method Configuring the LDAP Auth Method Common Secrets Engines Key/Value Secrets Engine K/V Version 1 K/V Version 2 Organizing Data Configuring the K/V Secrets Engine Working with the K/V Secrets Engine Working with K/V Version 1 Working with K/V Version 2 Database Secrets Engine Configuring the Database Secrets Engine Transit Secrets Engine Configuring the Transit Secrets Engine Cloud Provider Secrets Engine Configuring the AWS Secrets Engine PKI Secrets Engine Configuring the PKI Secrets Engine Anatomy of a Vault Policy Building Policies Using the Wildcard (*) Parameter Constraints Using Deny Managing Policies List Vault Policies Write a Vault Policy Read a Vault Policy Delete a Vault Policy Types of Audit Logs File Audit Device Syslog Audit Device Socket Audit Device Using Multiple Audit Devices Consuming Audit Logs File Audit Device Syslog Audit Device Socket Audit Device Security Patches Bug Fixes Software Upgrades Adjusting Node Resources Adding Clusters Unused Tokens Unused Entities Unused Mounts/Namespaces Performing Maintenance Live Maintenance Validation Pipelines Log Aggregation Tools Blue-Green Deployment Principles of Scaling How to Scale the Vault Service Building the Base Clusters Secrets Engines Consul Limitations Segregating Data Scaling Individual Clusters Scaling Out with Clusters Automated Processes Training Community Optimizing the Vault Service Performance Replication Disaster Recovery Replication Replication Configuration Promoting a Secondary Cluster Path Filters Local Mounts Disaster Recovery Failover Using a Performance Replication Cluster Failover Using a DR Replication Cluster Storage Snapshots Vault Seal The Cause The Solution Loss of Keys The Cause The Solution Loss of the Storage Backend The Cause The Solution Memory Exhaustion The Cause The Solution Expired TLS Certificates The Cause The Solution Audit Logs Fail to Write The Cause The Solution Denial of Service The Cause The Solution Replication Issues/Failures (Enterprise) The Cause The Solution Service Adoption Flexible Standards Relationships of Trust Service Onboarding Onboarding Tools Onboarding Process Onboarding Phases Onboarding Applications Migrations Patterns Migrating from Existing Tools Migrating from Code Deploying Vault with Kubernetes Kubernetes Auth Method Configuring the Kubernetes Auth Method Enabling Secret Retrieval for Containers Registering the Vault Service with Consul Connecting to Vault using Consul Deploying Vault Infrastructure with Terraform Configuring Vault Using the Terraform Provider Configure Vault Provider and Credentials Configure Vault Components Using Terraform Consuming Secrets with Terraform The Vault Process The Problem The Solution Preparation Code Overview Code Process Non-HA Script Overview HA Script Overview Benefits of the HA Script Additional Considerations
دانلود کتاب Running HashiCorp Vault in Production