KeyOps: Securing Fastly's Infrastructure with Vault

Automated infrastructure deployment is critical when the expansion of the server fleet needs to be accomplished efficiently, reliably, frequently, and at scale. Yet, when it comes to bootstrapping servers into the production fleet, the handling of shared secrets required a tradeoff between automation and security: hardcode secrets and downgrade security, or require human interaction and cause an automation bottleneck. At least, that used to be the case.
This talk will look at how we've been using Vault at Fastly to secure our infrastructure, services, and customer-facing applications, while reducing or eliminating manual steps. We'll cover the gamut of use, from bootstrapping new physical servers to providing limited access to database instances for emergency support. Vault has provided us with important mechanisms to improve our security and automation capabilities, and this talk will inspire you to seek similar opportunities in your own infrastructure.