Universal centralized secret data management for automated public cloud provisioning

Martseniuk, Y. and Partyka, A. and Harasymchuk, O. and Shevchenko, Svitlana (2024) Universal centralized secret data management for automated public cloud provisioning. Cybersecurity Providing in Information and Telecommunication Systems II 2024, 3826. pp. 72-81. ISSN 1613-0073

Official URL: https://ceur-ws.org/Vol-3826/

Abstract

In modern cloud environments, secret management plays a key role in ensuring the security of sensitive data, such as passwords, API keys, credentials, and other critical resources. This paper discusses the use of HashiCorp Vault as a universal platform for centralized secret management and automated provisioning of cloud resources. A comparison is also made with native secret management services, such as AWS KMS, Azure Key Vault, and Google Cloud KMS, to determine their capabilities and limitations in providing security. The comparison shows that Vault offers more flexible and universal secret management thanks to advanced cryptographic methods and integration with automation platforms. The research demonstrates that Vault provides secure storage, dynamic creation, and automatic revocation of credentials, allowing access management based on security policies. The integration of HashiCorp Vault with automation platforms like Rundeck and Ansible enables the automation of cloud resource provisioning while maintaining information confidentiality and reducing the risk of human error. The use of dynamic creation methods for temporary credentials enhances security and compliance with standards, adhering to the principle of least privilege. The results highlight the importance of using HashiCorp Vault as a central platform for managing secrets and credentials, which improves the overall level of security and efficiency in cloud environments.

Item Type: Article
Keywords: HashiCorp Vault; secrets; automation; data security; dynamic credentials; AWS; authentication; authorization; cloud infrastructure; centralized management
Typology: Articles in databases > Scopus
Divisions: Faculty of Information Technologies and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 06 Dec 2024 08:08
Last Modified: 06 Dec 2024 08:08
URI: https://elibrary.kubg.edu.ua/id/eprint/50152
