Chef Blogs

How to Integrate HashiCorp Vault into Your Toolchain with Chef Habitat

Siraj Rauf | Posted on | Chef Habitat | partners

Guest post by our friends at Indellient.

We’re all on a mission to develop quickly, deliver reliably, and release more frequently, all in the name of better supporting our business. We must do all of this – securely, of course – across multiple environments.

It’s not a simple task as each of your applications, services and environments require certain processes, permissions and infrastructure to support it. It’s no wonder why this complexity can seemingly impede how quickly we deliver.

Securely manage your applications

Tools such as Chef Habitat and HashiCorp Vault make it easy to manage these complex, diverse environments and allow for rapid, secure scaling. Even in the most complex, regulated and secure environments, automation with the right tools can accelerate time-to-value.

How does vault help me?

As your infrastructure becomes more complex, so too does the management of securing it. Storing all your secret information like API keys, credentials, certificates and other secure information can be difficult, cumbersome and at risk if not managed properly.   

That’s where HashiCorp Vault comes in. Vault centrally manages and enforces access to secrets and systems based on trusted sources of application and user identity. Where organizations get the most out of Vault is when they integrate and automate the fetching of secrets using tools like Habitat.

Discover, scale and integrate with Vault and Habitat

  • Using Vault with Habitat can accelerate application delivery, secure your infrastructure and ensure your IT teams are all on the same page. By doing so, you can allow your applications to dynamically discover Vault;
  • Scale your applications securely using Habitat dynamic configuration updates and wire encryption; and
  • Integrate Vault applications without modifying the source code – your applications don’t have to be aware they’re even using Vault!

When you deploy Vault using Habitat, you leverage Habitat binds to ensure your applications can discover Vault and reconfigure themselves if Vault configurations are updated.

Here are a few more scenarios Chef users can take advantage of with Vault:

  • Ensure all your nodes are up to date and that secrets are encrypted in transit by scaling applications securely using Habitat Supervisor rings.
  • Connect Habitat Packages to pre-existing/non-Habitat Vault instances, allowing for a seamless and graduated transition to the Habitat world.
  • Use Habitat to bind to Vault and never uncover secrets/locations of secrets/etc.
  • Integrate Vault with third-party or closed-source applications – leverage Vault and its benefits without modifying any source code.

You can get an Open Source Habitat Vault plan on GitHub here.

Interested in learning more?

We hosted two webinars on Habitat and Vault integrations. Our first webinar covered how application automation with Chef Habitat in conjunction with HashiCorp Terraform can be used to automate the provisioning of a HashiCorp Vault cluster. You can catch the recording here.

Our second webinar dove into different patterns of incorporating Vault with Habitat applications in more detail. Check out the recording here.