[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#902677: ITP: vault -- secrets and privileged access management, encryption as a service

Package: wnpp
Severity: wishlist
Owner: Dmitry Smirnov <onlyjob@debian.org>
X-Debbugs-CC: debian-devel@lists.debian.org, pkg-go-maintainers@lists.alioth.debian.org
Control: tag -1 help

   Package name: vault
        Version: 0.9.6
Upstream Author: HashiCorp
        License: MPL-2.0
            URL: https://www.vaultproject.io/
    Vcs-Browser: https://salsa.debian.org/go-team/packages/vault.git
    Description: secrets and privileged access management, encryption as a service
 Vault secures, stores, and tightly controls access to tokens, passwords,
 certificates, API keys, and other secrets in modern computing. Vault
 handles leasing, key revocation, key rolling, and auditing. Through a
 unified API, users can access an encrypted Key/Value store and network
 encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL
 databases, X.509 certificates, SSH credentials, and more.
 The key features of Vault are:
  * Secure Secret Storage: Arbitrary key/value secrets can be stored in
    Vault. Vault encrypts these secrets prior to writing them to persistent
    storage, so gaining access to the raw storage isn't enough to access
    your secrets. Vault can write to disk, Consul, and more.
  * Dynamic Secrets: Vault can generate secrets on-demand for some systems,
    such as AWS or SQL databases. For example, when an application needs to
    access an S3 bucket, it asks Vault for credentials, and Vault will
    generate an AWS keypair with valid permissions on demand. After
    creating these dynamic secrets, Vault will also automatically revoke
    them after the lease is up.
  * Data Encryption: Vault can encrypt and decrypt data without storing it.
    This allows security teams to define encryption parameters and
    developers to store encrypted data in a location such as SQL without
    having to design their own encryption methods.
  * Leasing and Renewal: All secrets in Vault have a lease associated with
    it. At the end of the lease, Vault will automatically revoke that
    secret. Clients are able to renew leases via built-in renew APIs.
  * Revocation: Vault has built-in support for secret revocation. Vault can
    revoke not only single secrets, but a tree of secrets, for example all
    secrets read by a specific user, or all secrets of a particular type.
    Revocation assists in key rolling as well as locking down systems in
    the case of an intrusion.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: