Tag : vault

Guide to deploying Genesis kits to BOSH/CredHub

Genesis is an awesome deployment framework for deploying systems with BOSH to any infrastructure cloud. It has a whole catalog of open source production ready kits which make it super easy to deploy, scale, and upgrade systems such as Cloud Foundry Application Runtime (PaaS), Vault (Secrets), Concourse CI, SHIELD (backup/restore), and Minio (Object Store). Genesis

Ruben Koster Profile Image

Posted by:
Ruben Koster

Read More ➝
Accessing BOSH, CredHub, and Vault via magic tunnels

It is not a good idea to allow your BOSH/CredHub/Vault to be accessible on the public internet. Yes, they both require credentials and certificates to access, but there is just no good reason to expose them on the internet. So you will only deploy them into private networks. Unfortunately, now you’ve made it hard for

Dr Nic Williams Profile Image

Posted by:
Dr Nic Williams

Read More ➝
Simple secure credentials into YAML with Vault and Spruce

We use YAML for configuration of many things – Concourse pipelines, BOSH deployments, Cloud Foundry applications, and more. And we continually want to be more secure with how we handle our secrets. Two tools can be used together to help: Hashicorp vault for storing secrets Geoff Franks spruce for merging vault secrets into YAML files.

Dr Nic Williams Profile Image

Posted by:
Dr Nic Williams

Read More ➝
Safely Hiding Sensitive Data in your Concourse Pipelines

At Stark & Wayne, we love Concourse pipelines! We use them for testing/releasing CLI utilities, deploying Cloud Foundry apps, building docker images, creating and testing BOSH releases, and vetting changes to BOSH deployments in an automated fashion starting in sandbox environments all the way to production. Uh-oh! credentials.yml file got committed? One of the most

GeoffFranks Profile Image

Posted by:
GeoffFranks

Read More ➝
Standing up Vault using Genesis

A few of our recent posts related to standing up BOSH deployments using Genesis have all revolved around needing Vault to store your credentials safely. The vault-boshrelease makes this fairly straightforward, but there’s now a Genesis Vault template to make running Vault even easier! The procedure is similar to the other Genesis deployments: $ genesis

GeoffFranks Profile Image

Posted by:
GeoffFranks

Read More ➝