AppDat’s Secrets Management
AppDat provides a self-hosted installation of HashiCorp’s Vault to manage secrets and protect sensitive data within the platform. The Secrets Management service is tightly integrated with the DevOps and “infrastructure-as-code” based resource provisioning and management functions: newly provisioned secrets are automatically saved to the Secrets Management service with the correct scoping and access management.
Within the Kubernetes compute environments, AppDat uses the External Secrets Operator to integrate with the Secrets Management service and generate correctly scoped Kubernetes Secret resources across the platform’s managed fleet of tenant clusters.
Additionally, the Secrets Management service is integrated with the Identity Platform via OIDC and JWT authentication profiles that allow the Developer and Operator teams.
Diagram
IoT Device Certificates
The AppDat Secrets Management service also supports the provisioning and rotation of certificates used by IoT devices to integrate with web services hosted within the platform’s Kubernetes compute environments. Certificates are provisioned similarly to resource secrets, via “infrastructure-as-code” processes, and then saved to the Secrets Management service. From there, IoT devices can be permitted to integrate directly with the Secrets Management service, or DevOps personnel can pull certificates and load them manually onto the devices.
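The following Terraform configuration is an added example and not AppDat’s own code. It shows one way to express the certificate provisioning and rotation described above as infrastructure-as-code against Vault. It assumes a Vault PKI secrets engine is used for device certificates (the page does not say which engine AppDat uses), that the Vault Terraform provider is already configured against the Secrets Management service, and that the mount path `pki-iot`, the tenant name, the device domain and the hostname `gateway-01` are illustrative placeholders.

```hcl
# Added example, not AppDat's configuration. Assumes a Vault PKI engine for
# IoT device certificates; mount path, tenant, domain and hostnames are
# placeholders chosen for illustration.

variable "tenant" {
  type    = string
  default = "example-tenant" # placeholder tenant organisation
}

# Dedicated issuing engine so IoT certificate policy is independent of any
# other PKI use within the platform.
resource "vault_mount" "pki_iot" {
  path                      = "pki-iot"
  type                      = "pki"
  default_lease_ttl_seconds = 60 * 60 * 24 * 30  # 30 days
  max_lease_ttl_seconds     = 60 * 60 * 24 * 365 # 1 year
}

# Self-signed CA kept inside Vault to keep the example self-contained; a
# production deployment would normally have this intermediate signed by the
# organisation's offline root CA instead.
resource "vault_pki_secret_backend_root_cert" "iot_ca" {
  backend     = vault_mount.pki_iot.path
  type        = "internal"
  common_name = "IoT Device CA (example)"
  ttl         = "87600h"
  key_type    = "ec"
  key_bits    = 256
}

# Role constraining device certificates: short-lived, client-auth only, and
# restricted to the tenant's own device domain so one tenant's role cannot
# mint a name in another tenant's namespace.
resource "vault_pki_secret_backend_role" "device" {
  backend            = vault_mount.pki_iot.path
  name               = "${var.tenant}-device"
  ttl                = "720h" # 30-day leaves force regular rotation
  max_ttl            = "720h"
  allowed_domains    = ["${var.tenant}.devices.example.internal"]
  allow_subdomains   = true
  allow_bare_domains = false
  enforce_hostnames  = true
  server_flag        = false
  client_flag        = true
  key_type           = "ec"
  key_bits           = 256
}

# Policy for a device identity that integrates directly with Vault: it may
# only request issuance from its tenant's role, nothing else on the mount.
resource "vault_policy" "device_issue" {
  name   = "${var.tenant}-device-issue"
  policy = <<-EOT
    path "${vault_mount.pki_iot.path}/issue/${vault_pki_secret_backend_role.device.name}" {
      capabilities = ["update"]
    }
  EOT
}

# IaC-driven issuance with auto-renewal, for the case where DevOps personnel
# pull the certificate and load it onto the device manually.
resource "vault_pki_secret_backend_cert" "gateway_01" {
  backend               = vault_mount.pki_iot.path
  name                  = vault_pki_secret_backend_role.device.name
  common_name           = "gateway-01.${var.tenant}.devices.example.internal"
  ttl                   = "720h"
  auto_renew            = true
  min_seconds_remaining = 60 * 60 * 24 * 7 # re-issue when under 7 days remain
}

output "gateway_01_certificate" {
  value = vault_pki_secret_backend_cert.gateway_01.certificate
}
```

Two points a reviewer would check on a configuration like this: the issuing policy grants only `update` on the role’s `issue/` path, so a compromised device credential cannot read the CA key or issue under another tenant’s role; and `vault_pki_secret_backend_cert` writes the leaf’s private key into Terraform state, so the state backend must be protected at least as carefully as the secrets service itself.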
Multi-tenant Configuration
The AppDat Secrets Management service is configured for multi-tenant usage through access control policies and authentication profiles scoped to each tenant organization’s secrets, which are held in isolated “buckets” within the Secrets Management service. The Secrets Management service team uses an “infrastructure-as-code” approach to provision the authentication profiles and policies, which are assigned to a specific “bucket” through a path naming convention. This methodology ensures that each tenant’s Developers and compute resources can only access the secrets applicable to their own resources.
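The Terraform configuration below is an added example, not AppDat’s own code, and ties together the multi-tenant path convention described in this section with the External Secrets Operator integration described earlier. It assumes a KV version 2 engine mounted at `kv`, a bucket convention of `kv/tenants/<tenant>/<application>/...`, a Kubernetes auth mount named `k8s-fleet`, an ESO service account named `external-secrets` in a namespace that matches the tenant name, and a Vault address of `vault.example.internal`; all of these are illustrative placeholders, and the ESO custom resource definitions must already be installed in the cluster the Kubernetes provider targets.

```hcl
# Added example, not AppDat's configuration. Mount paths, tenant name,
# namespace, service account and Vault address are placeholders.

variable "tenant" {
  type    = string
  default = "acme" # placeholder tenant organisation; also used as namespace
}

resource "vault_mount" "kv" {
  path    = "kv"
  type    = "kv"
  options = { version = "2" }
}

# Tenant "bucket" policy. KV v2 exposes secret data under <mount>/data/ and
# metadata under <mount>/metadata/, so both prefixes are scoped to the tenant
# path. There is deliberately no rule above tenants/<tenant>/, so a token with
# this policy cannot list or read any other tenant's bucket.
resource "vault_policy" "tenant" {
  name   = "tenant-${var.tenant}"
  policy = <<-EOT
    path "${vault_mount.kv.path}/data/tenants/${var.tenant}/*" {
      capabilities = ["read"]
    }
    path "${vault_mount.kv.path}/metadata/tenants/${var.tenant}/*" {
      capabilities = ["read", "list"]
    }
  EOT
}

# Kubernetes auth: workloads present their projected service-account token.
# Binding the role to the tenant's namespace and ESO's service account means
# a pod elsewhere in the cluster cannot assume this identity.
resource "vault_auth_backend" "k8s" {
  type = "kubernetes"
  path = "k8s-fleet"
}

resource "vault_kubernetes_auth_backend_role" "tenant_eso" {
  backend                          = vault_auth_backend.k8s.path
  role_name                        = "tenant-${var.tenant}-eso"
  bound_service_account_names      = ["external-secrets"]
  bound_service_account_namespaces = [var.tenant]
  token_policies                   = [vault_policy.tenant.name]
  token_ttl                        = 600 # short-lived; ESO re-authenticates
  audience                         = "vault"
}

# ESO side: a namespaced SecretStore that logs in with the role above, and an
# ExternalSecret that projects one key from the tenant bucket into a
# Kubernetes Secret. remoteRef.key is relative to the KV mount path.
resource "kubernetes_manifest" "secret_store" {
  manifest = {
    apiVersion = "external-secrets.io/v1beta1"
    kind       = "SecretStore"
    metadata   = { name = "vault", namespace = var.tenant }
    spec = {
      provider = {
        vault = {
          server  = "https://vault.example.internal" # placeholder address
          path    = vault_mount.kv.path
          version = "v2"
          auth = {
            kubernetes = {
              mountPath         = vault_auth_backend.k8s.path
              role              = vault_kubernetes_auth_backend_role.tenant_eso.role_name
              serviceAccountRef = { name = "external-secrets" }
            }
          }
        }
      }
    }
  }
}

resource "kubernetes_manifest" "db_credentials" {
  manifest = {
    apiVersion = "external-secrets.io/v1beta1"
    kind       = "ExternalSecret"
    metadata   = { name = "db-credentials", namespace = var.tenant }
    spec = {
      refreshInterval = "1h"
      secretStoreRef  = { name = "vault", kind = "SecretStore" }
      target          = { name = "db-credentials" }
      data = [{
        secretKey = "password"
        remoteRef = { key = "tenants/${var.tenant}/api/db", property = "password" }
      }]
    }
  }
}
```

The isolation here rests on two things working together: the policy paths include the tenant segment with no wildcard above it, and the auth role is bound to that tenant’s namespace and service account. A common mistake worth testing for is writing the KV v2 policy path without the `data/` prefix, which silently denies every read, or with a wildcard at `tenants/*`, which silently grants every tenant.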