Using Puppet With A Secrets Server, 8 October 2015. © 2015 Conjur. All rights reserved.


Page 2: Using Puppet With A Secrets Server

Hi!


@KingOAuth

Page 3: Using Puppet With A Secrets Server

Agenda

• Why Deploy a Secrets Server?

• Secrets Management Best Practices

• Puppet & Secrets Walkthrough

Page 4: Using Puppet With A Secrets Server

WHY DEPLOY A SECRETS SERVER?


Page 5: Using Puppet With A Secrets Server

Why Deploy A Secrets Server?

Because you need to:

• Store
• Manage
• Distribute

Secrets such as:

• SSL Certificates
• App/DB Passwords
• API Keys
• Dynamic Credentials

Page 6: Using Puppet With A Secrets Server

Core Components of a Secrets Server


• End to End Encryption

• RBAC for People, Machines, and Code

• Self Auditing

• Fully Programmable with Fine Granularity

• Highly Available Across Any Cloud

Page 7: Using Puppet With A Secrets Server

SECRETS MANAGEMENT BEST PRACTICES

Page 8: Using Puppet With A Secrets Server

Secrets Management Best Practices


1. Define A Policy

2. Get Your Secrets Into Source Control

3. Create Host Factories

4. Increase Velocity

5. Orchestrate with the DevOps Tool Chain

Page 9: Using Puppet With A Secrets Server

Secrets Management Best Practices

1. Define A Policy

– Policy defines the security rules for the infrastructure, in code.

• Which people and machines are allowed/denied?
• Which credentials will they require?
• Which services are allowed to talk to each other?

Page 10: Using Puppet With A Secrets Server

Secrets Management Best Practices

2. Get Your Secrets INTO Source Control

– Secrets.yml
• http://conjurinc.github.io/summon/
– Ability to rotate keys on-demand
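An added example (not from the deck, and not summon's own code) of the indirection behind this practice: the file that is committed names each secret by its server-side identifier instead of holding the value, and the secrets server is consulted only when the process is launched, so a key can be rotated on the server without touching the repository. It assumes summon's `!var` and `!str` tags; the secrets.yml content and the server lookup table are constructed for the example.

```python
import re

# Constructed secrets.yml in summon's format: the repository holds only
# the identifiers of secrets (!var), never their values; !str is a literal.
SECRETS_YML = """\
# database credentials for the web tier
DB_USER: !str webapp
DB_PASSWORD: !var prod/web/db/password
API_KEY: !var prod/web/api_key
"""

# Constructed stand-in for the secrets-server lookup that summon delegates to
# a provider program, keyed by variable id. Rotating a value here needs no commit.
FAKE_SERVER = {
    "prod/web/db/password": "s3cret-from-server",
    "prod/web/api_key": "key-from-server",
}

LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z_][A-Za-z0-9_]*):\s*!(?P<tag>var|str)\s+(?P<arg>\S.*?)\s*$"
)

def parse_secrets_yml(text):
    """Return [(env_name, tag, argument)] for each non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unsupported secrets.yml entry: {raw!r}")
        entries.append((m["name"], m["tag"], m["arg"]))
    return entries

def secret_ids(entries):
    """Everything secret-related that actually lives in source control."""
    return [arg for _, tag, arg in entries if tag == "var"]

def resolve(entries, fetch):
    """Build the environment the child process receives. `fetch` maps a
    variable id to its value; an unknown id fails closed."""
    env = {}
    for name, tag, arg in entries:
        value = arg if tag == "str" else fetch(arg)
        if value is None:
            raise KeyError(f"{name}: {arg!r} not found on the secrets server")
        env[name] = value
    return env
```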

Page 11: Using Puppet With A Secrets Server

Secrets Management Best Practices

3. Create Host Factories

– A mechanism for “lifting” a new host (machine, container, or PaaS application) into a privileged computing role.

– Key component to delivering securely at speed

Page 12: Using Puppet With A Secrets Server

Secrets Management Best Practices


4. Increase Velocity

– The goal is to deploy to production on-demand, so consider the tool chain as well.

– Frees up the Puppet Master from being a security choke point

Page 13: Using Puppet With A Secrets Server

Secrets Management Best Practices


5. Orchestrate with the DevOps Tool Chain

mike d. kail:
Since this is PuppetConf, probably best to put them above Chef :)

Page 14: Using Puppet With A Secrets Server

PUPPET & SECRETS WALKTHROUGH


Page 15: Using Puppet With A Secrets Server

Using Node-Side Secrets With Puppet


* Presented at PuppetCamp Boston, 2014.

Page 16: Using Puppet With A Secrets Server

Secrets In Manifests


Page 17: Using Puppet With A Secrets Server

Secrets in hiera


Page 18: Using Puppet With A Secrets Server

Encrypted hiera entries


Page 19: Using Puppet With A Secrets Server

Node-Obtained Secrets


Page 20: Using Puppet With A Secrets Server

Summary


Page 21: Using Puppet With A Secrets Server

THANK YOU!


www.conjur.net

@ConjurInc