HashiCorp Vault sealing questions

I have started using HashiCorp's Vault to manage secrets and have some questions about the day-to-day operation of Vault sealing. My workflow has two authentication backends: specific users access the Vault with write permissions to add new secrets, and servers have read-only access to the secrets they need.

1) Under normal circumstances, does the Vault stay in an unsealed state? I believe it would, as a dynamically provisioned server should not have to coordinate an unseal.

2) Is the purpose of sealing to off-board staff to rotate keys and in case of an intrusion?

3) What's the best practice for ensuring the vault process is always running, since if it dies the Vault will seal? Also, in a highly available configuration, if one Vault node's process dies, does it seal the Vault for everyone?

From https://www.vaultproject.io/docs/concepts/seal.html:

  1. "Under normal circumstances, does the Vault stay in an unsealed state?" -

When a Vault server is started, it starts in a sealed state. In this state, Vault is configured to know where and how to access the physical storage, but doesn't know how to decrypt any of it.

Unsealing is the process of constructing the master key necessary to read the decryption key to decrypt the data, allowing access to the Vault.

Prior to unsealing, almost no operations are possible with Vault. For example authentication, managing the mount tables, etc. are all not possible. The only possible operations are to unseal the Vault and check the status of the unseal.

  2. "Is the purpose of sealing to off-board staff to rotate keys and in case of an intrusion?" -

This way, if there is a detected intrusion, the Vault data can be locked
quickly to try to minimize damages. It can't be accessed again without access to the master key shards.

  3. "since if it dies the Vault will seal?" - Yes.

I asked this question on the Vault Google group, and this was the best reply:

1) Under normal circumstances, does the Vault stay in an unsealed state? I believe it would as a dynamically provisioned server should not have to coordinate an unseal.

Yes. Once Vault is initialized and unsealed, it 'normally' stays in an unsealed state.

2) Is the purpose of sealing to off-board staff to rotate keys and in case of an intrusion?

Vault's seal enables a turnkey mechanism to stop all Vault services. It requires a specific number of unseal key holders to make Vault operational again.

3) What's the best practice for ensuring the vault process is always running, since if it dies the Vault will seal? Also, in a highly available configuration, if one Vault node's process dies, does it seal the Vault for everyone?

There is no official best-practice recommendation for this. But run Vault on a dedicated instance/cluster with limited/no access to its memory. Running Vault in HA mode with a backend that supports it is fine. If any cluster node goes down or if the Vault process restarts, it will be in a sealed state, and an unseal operation will need to be performed to make it operational.

Best, Vishal