I've been describing our Hashicorp Vault journey here at ClueTrust in a number of posts. Chief among the reasons to use Vault is its ability to generate and rotate credentials with specific systems and services. I've written before about PostgreSQL credential management using Vault, which has been quite successful. This …

When using dynamic database credentials with Flask, we need to make sure that the flask instance picks up the right credentials, renews them when necessary, and uses the right roles. My flask code is pretty embedded with the database changes here, so pardon the dust, but I think it's relatively …

When I was confirming the configurations for my vault management of database credentials, I used a local postgresql and vault server. This may also be useful for development (especially testing code that may exercise the vault and database interactions). This can make it relatively easy to watch all of the …

This is part of a multi-part series on using postgres databases, vault, and a variety of other tools to effect short-lived database credentials for real use. As postgres uses user and role interchangably, so will I, although I'll generally try to use user to refer to a role with login …

When using dynamic database credentials with Django, we need to make sure that the django instance picks up the right credentials, renews them when necessary, and uses the right roles. This post includes the background and the necessary code. Migration and creation Migration and creation provide special problems because of …

Over the past year, I've been experimenting with Hashicorp Vault, using the open-source/community version for some internal experiments, including some with high availability. In a separate article, I'll go over a test configuration of Vault, but all of the notes here are agnostic to the use of HCP (Hashicorp's …