Key Management with Vault at BrowserStack
BrowserStack has re-architected its key management system for their Rails application using HashiCorp Vault and Amazon DynamoDB as backend storage. Previously, keys were stored in an AWS CodeCommit repository, which was not secure or efficient. The new architecture allows teams to add their keys to a central location, change them directly, and rotate them without involving other teams. This has significantly reduced the time spent on key rotation activities from 30-35 man-hours to ~12 hours for the Rails app alone. Future plans include removing the dependency of a single YAML file containing all keys, moving other systems to Vault, and building automated systems for organization-wide key rotations every 90 days.
Company
BrowserStack
Date published
March 12, 2020
Author(s)
Saksham
Word count
1958
Language
English
Hacker News points
4