undefined | Better HN

0 pointsfalsedan9y ago0 comments

I don't understand the distinction.

Vault's sweet spot is automated generation and revocation of credentials which are given to authenticated clients (like creating a one-off keypair for an SSH session & giving the private part to the user and allowing the server to read the public part).

We're currently testing the waters of migrating our pass-like shared password store to vault (so we can grant authorization to automated scripts to read certain shared rotated creds).

0 comments

3 comments · 1 top-level

tex09y ago· 2 in thread

I would very much encourage anyone to use Vault to manage secrets consumed by machines, but for personal credentials it's maybe not the best fit.

endymi0n9y ago

One of my ideas was using Vault as an alternative backing store for a gopass mount actually. And then it's Vault for company secrets (and no hassle with keys due to central PKI) and gpg for private stores (fast & simple to set up on your own).

falsedanOP9y ago

Can you elaborate? (I know why not to use Vault for my banking passwords, also why to use it for the bind password for some app's LDAP auth backend)

j / k navigate · click thread line to collapse