Advanced Secret Handling in Kubernetes Application with HashiCorp Vault

No Thumbnail Available

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis

Authors

Date

2023-08-21

Department

Major/Subject

Security and Cloud Computing

Mcode

SCI3113

Degree programme

Master’s Programme in Security and Cloud Computing (SECCLO)

Language

en

Pages

76

Series

Abstract

In the era of microservices and cloud-based systems, safeguarding sensitive credentials has become a critical concern for modern businesses. This thesis delves into the application of HashiCorp Vault, a prominent tool for secure secret management, within the domain of telecommunication networks, renowned for managing tens of thousands of nodes. Through a case study approach, this research explores Vault's core components, security features, and disaster recovery mechanisms, with a specific focus on integrating them into existing telecommunication systems. A thorough examination of technical documentation, academic literature, and industry reports reveals fundamental concepts and best practices in credential management. Additionally, this study provides a comprehensive analysis of the system architecture of telecom management systems, showcasing how HashiCorp Vault's capabilities bolster security, ensure compliance, and sustain business continuity in large-scale networks. Nevertheless, the thesis also addresses the implications of integrating HashiCorp Vault into the system architecture, including potential challenges tied to complexity and the need for meticulous key management for such extensive credentials. The findings emphasize the necessity of a balanced approach, prioritizing both automation and security. Vigilant monitoring, alerting, and maintenance practices are paramount. As a conclusion, this thesis proposes promising avenues for future research, envisioning the integration of artificial intelligence, machine learning, and blockchain technologies in credential management systems. These advancements hold the potential to further enhance the security landscape for telecommunication networks and beyond.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Torvinen, Vesa

Keywords

HashiCorp Vault, kubernetes, key management system, master key

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202309035493

Collections

[dipl] Perustieteiden korkeakoulu / SCI