Well-Architected Framework
Seal Vault during a security incident
Security incidents require immediate action to protect your secrets management infrastructure. Credential leaks, unauthorized access, and denial-of-service attacks demand quick mitigation to prevent further compromise. Vault provides two features to help you lock the service down until you resolve the incident:
- Seal: Vault discards the in-memory key it uses to unlock its data, so it can no longer respond to any request for secrets.
- API Lock: If you do not require Vault to be entirely sealed, you can instead lock the API for individual namespaces.
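Both controls above are exposed through the Vault HTTP API, and an incident runbook should verify the result rather than assume it. The following break-glass helpers are an added example, not HashiCorp code: they seal the node and confirm it via sys/seal-status, or lock the API for a single namespace; the VAULT_ADDR/VAULT_TOKEN environment variables and the namespace lock endpoint path and response shape are assumptions to check against the API docs for your Vault version.

```python
"""Break-glass helpers for sealing Vault or locking a namespace's API (added example)."""
import json
import os
import urllib.request

# Assumptions: the operator's environment carries the address and a token that
# holds sudo on sys/seal (sys/seal-status itself needs no token).
VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200").rstrip("/")
VAULT_TOKEN = os.environ.get("VAULT_TOKEN", "")


def build_request(method, path, body=None, token=VAULT_TOKEN, addr=VAULT_ADDR):
    """Build an authenticated request for the Vault HTTP API (v1) without sending it."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"{addr}/v1/{path}", data=data, method=method)
    if token:
        req.add_header("X-Vault-Token", token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def call(method, path, body=None):
    """Send a request; sys/seal answers 204 with an empty body, so return {} then."""
    with urllib.request.urlopen(build_request(method, path, body), timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def parse_seal_status(status):
    """Reduce a sys/seal-status document to the fields an incident responder needs."""
    return {
        "sealed": bool(status.get("sealed")),
        "unseal_progress": f"{status.get('progress', 0)}/{status.get('t', '?')} shares provided",
    }


def seal_vault():
    """Seal this node (PUT sys/seal), then confirm through the status endpoint."""
    call("PUT", "sys/seal")
    state = parse_seal_status(call("GET", "sys/seal-status"))
    if not state["sealed"]:
        raise RuntimeError("Vault still reports unsealed; check the audit log and retry")
    return state


def lock_namespace_api(namespace):
    """Lock the API for one namespace instead of sealing everything.
    Endpoint path and response shape are assumptions: verify them for your version."""
    resp = call("POST", f"sys/namespaces/api-lock/lock/{namespace.strip('/')}")
    # The unlock key is returned once; record it, the lock cannot be lifted without it.
    return resp.get("data", resp).get("unlock_key")
```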
Post-incident analysis and credential rotation
After a security incident, it is important to review what caused it and to invalidate any compromised credentials. Boundary provides audit logging and session recording, giving you valuable insight into how an attacker gained access to your infrastructure. Vault Radar automatically detects and identifies unmanaged secrets in your code, letting you know whether any sensitive credentials might be used to gain access to your infrastructure.
HashiCorp resources:
- Vault emergency break-glass features
- Boundary audit log streaming
- Boundary recorded sessions operations
- What is Vault Radar?
Next steps
In this section of how to manage leaked secrets, you learned. Managing leaked secrets is part of the Secure systems pillar.