jervis
Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins.
Vault is one of the most resilient and HA applications I run which is stateful. There's a guide to deploy Consul along with CloudFormation stack examples. I took this and extended it to a 10 node cluster (5 nodes spread across 3 AZs for Vault and Consul). Cron jobs with distributed locks perform a backup and Secrets Manager is relied on for Vault unseal. To simplify deployment I baked Vault and Consul into the same AMI with Packer.
Vault and Consul do very well for high availability in AWS. If you wanted to play with it, I created a local Docker Compose stack for HA Vault, HA Consul, and service discovery based DNS. The local stack is not meant for prod and is only for experimenting to learn Vault.
I have some open licensed code for vault and AppRole client management you can draw inspiration from if you wanted to create your own client for devs or even directly copy (following its license/attribution/etc).