Sanctuary: a turn-key Vault in the cloud.
Like most organizations dealing with technology, DRUD needed a tool for securely storing and accessing sensitive information. From database credentials to API keys and security certificates, DRUD engineers deal with sensitive information on a daily basis. After evaluating the available options, we decided Vault was the tool for us.
Sanctuary helps us automate the setup and configuration of Vault on AWS. Key features include:
- A Docker container with all installation requirements already available. You can either build the container yourself or pull it from Docker Hub.
- The ability to create a VPC and configure an AWS instance as a Vault host inside it.
- SSL support via Let’s Encrypt or certificates you mount into the container at install time.
- Optional setup and configuration of the GitHub auth backend.
- Backup of the Vault audit log to S3 using fluentd.
- Secrets backed by a DynamoDB backend, which persists across Sanctuary deployments so you can build and tear down Sanctuary as much as you want without losing your data.
With just a single command you can have Sanctuary running in AWS in under 5 minutes.