Tag : vault
Genesis is an awesome deployment framework for deploying systems with BOSH to any infrastructure cloud. It has a whole catalog of open source production ready kits which make it super easy to deploy, scale, and upgrade systems such as Cloud Foundry Application Runtime (PaaS), Vault (Secrets), Concourse CI, SHIELD (backup/restore), and Minio (Object Store). Genesis
It is not a good idea to allow your BOSH/CredHub/Vault to be accessible on the public internet. Yes, they both require credentials and certificates to access, but there is just no good reason to expose them on the internet. So you will only deploy them into private networks. Unfortunately, now you’ve made it hard for
We use YAML for configuration of many things – Concourse pipelines, BOSH deployments, Cloud Foundry applications, and more. And we continually want to be more secure with how we handle our secrets. Two tools can be used together to help: HashiCorp Vault for storing secrets, and Geoff Franks' spruce for merging Vault secrets into YAML files.
At Stark & Wayne, we love Concourse pipelines! We use them for testing/releasing CLI utilities, deploying Cloud Foundry apps, building docker images, creating and testing BOSH releases, and vetting changes to BOSH deployments in an automated fashion starting in sandbox environments all the way to production. Uh-oh! credentials.yml file got committed? One of the most
A few of our recent posts related to standing up BOSH deployments using Genesis have all revolved around needing Vault to store your credentials safely. The vault-boshrelease makes this fairly straightforward, but there’s now a Genesis Vault template to make running Vault even easier! The procedure is similar to the other Genesis deployments: $ genesis