Sanctuary: a turn-key Vault in the cloud.

Today we are excited to announce the initial release of DRUD Sanctuary, a turn-key deployment of HashiCorp’s Vault on Amazon Web Services.

Like most organizations dealing with technology, DRUD needed a tool for securely storing and accessing sensitive information. From database credentials to API keys and security certificates, DRUD engineers deal with sensitive information on a daily basis. After evaluating the available options, we decided Vault was the tool for us.

Sanctuary helps us automate the setup and configuration of Vault on AWS. Key features include:

  • A Docker container with all installation requirements already available. You can either build the container yourself or pull it from Docker Hub.
  • The ability to create a VPC and configure an AWS instance as a Vault host inside it.
  • SSL support via Let’s Encrypt or certificates you mount into the container at install time.
  • Optional enabling and configuration of the GitHub auth backend.
  • Backup of the Vault audit log to S3 using fluentd.
  • Secrets backed by a DynamoDB backend, which persists across Sanctuary deployments so you can build and tear down Sanctuary as much as you want without losing your data.

With just a single command you can have Sanctuary running in AWS in under 5 minutes.

For a full rundown of available features, or to download the project, head over to the Sanctuary project on GitHub, read more about using Sanctuary, or learn about administering Sanctuary.