This post first appeared on TeKanAid’s blog.
Overview
In this post, we discuss and demo HashiCorp Waypoint which is one of the two latest HashiCorp products released at HashiConf Digital in October 2020. The other product was HashiCorp Boundary for secure sessions management for human to machine access. We recently wrote a blog post covering HashiCorp Boundary so check it out if you haven’t already.
tl;dr you can find the code for this post in the webblog app repo. Moreover, below is a video explanation.
Video Chapters
You can skip to the relevant chapters below:
This post first appeared on TeKanAid’s blog.
Overview
In this blog post, we talk about how to use consul-template to automate certificate management for the HashiCorp Vault PKI secrets engine.
We previously discussed how the HashiCorp Vault PKI secrets engine works to create certificates. However, we didn’t discuss how to automate the creation and renewal of certificates. This is what we cover here.
We have the same setup as before with Vault running a root and an intermediate CA. Then we configure consul-template to automatically:
- Authenticate to Vault
- Renew the Vault authentication token
- Create a new certificate in Vault
- Place the…
This post first appeared on TeKanAid’s blog.
Overview
Certificate management is not an easy task. Most system administrators dread the day they have to work on renewing a certificate. This is because of a couple of reasons:
- It’s a manual and complex process done every few years, so it’s hard to remember everything. Therefore, you’ll find that system administrators have a method of procedure stored somewhere for when they need to go through this process again.
- It’s risky because it may incur an outage during the process.
HashiCorp Vault’s Public Key Infrastructure (PKI) secrets engine can streamline distributing TLS certificates and…
This post first appeared on TeKanAid’s blog.
Overview
We’ve come to the fourth and final post in the blog post series called End-to-End Infrastructure and Application Deployment. Today we bring together all the concepts discussed in the three prior blog posts.
Here is what we’ve covered so far:
- In part 1, we discussed the HashiCorp Vault Azure Secrets Engine. That was the first step in securely automating our CI/CD pipeline. The purpose was to deliver Azure credentials dynamically for provisioning resources in Azure.
- In part 2, we looked at how to build our Jenkins VM to be used as our CI/CD…
This post first appeared on TeKanAid’s blog.
Overview
We’ve reached our third post in the blog post series called End-to-End Infrastructure and Application Deployment. Here is what we’ve done so far:
- In part 1, we discussed the HashiCorp Vault Azure Secrets Engine. That was the first step in securely automating our CI/CD pipeline. The purpose was to deliver Azure credentials dynamically for provisioning resources in Azure.
- In part 2, we looked at how to build our Jenkins VM to be used as our CI/CD pipeline using HashiCorp Packer, Terraform, Docker, and Ansible
Now let’s turn our focus to the topic of…
This post first appeared on TeKanAid’s blog.
Overview
Welcome to our second post in the blog post series called End-to-End Infrastructure and Application Deployment. In part 1, we discussed the HashiCorp Vault Azure Secrets Engine. That was the first step in securely automating our CI/CD pipeline. The purpose was to deliver Azure credentials dynamically for provisioning resources in Azure.
Our focus for this blog post is on the second step and that is to set up our CI/CD pipeline with Jenkins. This is done by following the steps below:
- Use Packer to build an Azure image that has Docker installed.
- Create…
This post first appeared on TeKanAid’s blog.
Overview
In this blog post, we talk about the HashiCorp Vault Azure Secrets Engine. This is the first blog post in a new blog post series called End-to-End Infrastructure and Application Deployment.
The goal of this series is to learn best practices around the automation of infrastructure provisioning and application deployment.
We cover the concepts of Infrastructure as Code, CI/CD, secrets management, dynamic secrets, the secret zero problem, service mesh, and more. Our cloud of choice is Azure for this series. Our focus for this blog post is on the first step and that…
This post first appeared on TeKanAid’s blog.
Overview
In this post, we discuss and demo secure sessions management for human to machine access using HashiCorp Boundary. HashiCorp Boundary is one of two recent products announced at the latest HashiConf Digital in October 2020. The other product is HashiCorp Waypoint which we’ll demo in a separate blog post.
tl;dr you can find the code for this post in the boundary intro repo. Moreover, below is a video explanation.
Video Chapters
You can skip to the relevant chapters below:
This post first appeared on TeKanAid’s blog.
Overview
This is Part 4 and the final post of our Webblog app series. In this post, we make use of the entire HashiStack. This is similar to the previous setup used in Part 3, except that we swap Kubernetes for Nomad as our orchestrator.
As a quick recap, my goal was to learn the different HashiCorp tools by developing a web app called the Webblog app.
- In Part 1, we discussed infrastructure as code and policy as code concepts. We also showed how to prepare the infrastructure for the app using Terraform. We…
This post first appeared on TeKanAid’s blog.
Overview
We’ve reached Part 3 of our Webblog app series. In this post, we show how to use the Consul Connect Service Mesh with our Webblog app. As a reminder, my goal was to learn the different HashiCorp tools by developing a web app called the Webblog app.
- In Part 1, we discussed Infrastructure as Code and Policy as Code concepts. We also showed how to prepare the infrastructure for the app using Terraform. We built a Vault cluster backed by a Consul cluster for storage. …
Sam Gabrail
DevSecOps and Infrastructure Automation Advocate
