HashiCorp Vault - Secrets Management | Atyeti

"Integrate security into every phase of your cloud journey- Put zero trust into action."

The database/system administrators and developers were storing the database credentials on their local devices.
These database credentials were stored in plain text and not encrypted.
No policy enforcement of password rotation.
Database passwords were scattered throughout the enterprise in undocumented locations.
Some databases had unchanged passwords for extended periods of time.
There were database passwords stored on source control repos that had no audit trails.
Expensive compliance audit failures.

High-Level target state Vault architecture (including DR)
Summary of Phase 1 Vault architecture, including secrets engines, namespace design, authentication design, policy design, workflows, and overall Vault configuration
High-level documentation of planned future implementation phases, where applicable (e.g.,future functionality expansion such as new secrets engines)
DevSecOps review (CI/CD workflows, security, IAM, network, etc.)
Management presentation summarizing findings including a list of assumptions issues/concerns System
Database admin and application dev training of Vault API, UI and CLI

Admins and developers relieved of the burden of secure database password management, as Vault now takes care of dynamically rotating passwords, while providing seamless role-based, role-appropriate access .
Greatly improved application and database security, once developers and admins are trained to use Vault's API to store and retrieve passwords from the Vault.
Vastly improved access control, auditing and oversight of database secrets.
Automation/integration of secrets management, reducing overhead, costs and potential for pilot errors.
Regulatory (e.g., FIPS) compliance capability.