/plushcap/analysis/browserstack/key-management-vault-browserstack

Key Management with Vault at BrowserStack

What's this blog post about?

BrowserStack has re-architected its key management system for their Rails application using HashiCorp Vault and Amazon DynamoDB as backend storage. Previously, keys were stored in an AWS CodeCommit repository, which was not secure or efficient. The new architecture allows teams to add their keys to a central location, change them directly, and rotate them without involving other teams. This has significantly reduced the time spent on key rotation activities from 30-35 man-hours to ~12 hours for the Rails app alone. Future plans include removing the dependency of a single YAML file containing all keys, moving other systems to Vault, and building automated systems for organization-wide key rotations every 90 days.

Company
BrowserStack

Date published
March 12, 2020

Author(s)
Saksham

Word count
1958

Hacker News points
4

Language
English


By Matt Makai. 2021-2024.