Universal centralized secret data management for automated public cloud provisioning

Martseniuk, Y. and Partyka, A. and Harasymchuk, O. and Shevchenko, Svitlana (2024) Universal centralized secret data management for automated public cloud provisioning. Cybersecurity Providing in Information and Telecommunication Systems II 2024, 3826. pp. 72-81. ISSN 1613-0073

Abstract

In modern cloud environments, secret management plays a key role in ensuring the security of sensitive data, such as passwords, API keys, credentials, and other critical resources. This paper discusses the use of HashiCorp Vault as a universal platform for centralized secret management and automated provisioning of cloud resources. A comparison is also made with native secret management services, such as AWS KMS, Azure Key Vault, and Google Cloud KMS, to determine their capabilities and limitations in providing security. The comparison shows that Vault offers more flexible and universal secret management thanks to advanced cryptographic methods and integration with automation platforms. The research demonstrates that Vault provides secure storage, dynamic creation, and automatic revocation of credentials, allowing access management based on security policies. The integration of HashiCorp Vault with automation platforms like Rundeck and Ansible enables the automation of cloud resource provisioning while maintaining information confidentiality and reducing the risk of human error. The use of dynamic creation methods for temporary credentials enhances security and compliance with standards, adhering to the principle of least privilege. The results highlight the importance of using HashiCorp Vault as a central platform for managing secrets and credentials, which improves the overall level of security and efficiency in cloud environments.

Item Type: Article
Uncontrolled Keywords: HashiCorp Vault; secrets; automation; data security; dynamic credentials; AWS; authentication; authorization; cloud infrastructure; centralized management
Subjects: Articles in databases > Scopus
Divisions: Faculty of Information Technologies and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 06 Dec 2024 08:08
Last Modified: 06 Dec 2024 08:08
URI: https://elibrary.kubg.edu.ua/id/eprint/50152