PKI and mutual TLS (mTLS) certificates are now heavily relied on, but uncontrolled certificate issuance increases the risk of severe service outages or compliance issues. Organizations are trying to combine high-velocity operations and high availability with the need for high security, controls, and compliance. These sometimes-conflicting requirements can be very hard to combine, and the outcomes of the various approaches to balancing them are not crystal clear.
But there are many roads that lead to Rome. You’ll need several tools in your toolbox.

In this presentation you’ll see how to combine a mature and compliant PKI with the automated, rapidly changing, multi-cloud deployments in modern DevOps. By using a HashiCorp Vault plugin for EJBCA PKI, which you’ll see in a short demo, you can use the same efficient tool for managing certificates that you use for all other secrets, and the result is efficient, automated, secure, controlled, and compliant certificate issuance on a large scale. You’ll also see how to chain tools using HashiCorp Consul for service mesh, secrets from Vault, and certificates from EJBCA.

Key takeaways:

  • Security compliance is important
  • Compliance does not have to slow you down (a lot)
  • HashiCorp products integrate well in a compliance-centred environment
  • Automation is key for security at scale

Speaker: Tomas Gustavsson

Slides here: https://drive.google.com/file/d/1-7DfEl20a4Cd5zouzOshyASoUxo1gG_I/view

Combining DevOps with PKI Compliance Using HashiCorp Vault & Consul