Konubinix' opinionated web of thoughts

Security Model of Vault

Fleeting

Security Model | Vault by HashiCorp

data at rest and in transit must be secure from eavesdropping or tampering.

https://www.vaultproject.io/docs/internals/security

appropriately authenticated and authorized to access data or modify policy.

https://www.vaultproject.io/docs/internals/security

secure from eavesdropping as well as communication from Vault to its storage backend.

https://www.vaultproject.io/docs/internals/security

tampering should be detectable and cause Vault to abort processing of the transaction.

https://www.vaultproject.io/docs/internals/security

not parts of the Vault threat model

https://www.vaultproject.io/docs/internals/security

arbitrary control of the storage backend

https://www.vaultproject.io/docs/internals/security

leakage of the existence of secret material

https://www.vaultproject.io/docs/internals/security

memory analysis of a running Vault

https://www.vaultproject.io/docs/internals/security

storage backends used by Vault are also untrusted by design

https://www.vaultproject.io/docs/internals/security

using a 256-bit Advanced Encryption Standard (AES) cipher in the Galois Counter Mode (GCM) with 96-bit nonces

https://www.vaultproject.io/docs/internals/security
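An added sketch, not code from Vault or from the quoted documentation, tying together the highlights on the untrusted storage backend, detectable tampering, and AES-256-GCM with 96-bit nonces. The names `NewAEAD`, `Seal`, `Open` and `ErrTampered`, the `nonce||ciphertext||tag` layout, and the use of the storage path as associated data are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ErrTampered: the GCM tag did not verify, so the caller must abort.
var ErrTampered = fmt.Errorf("storage entry failed authentication")

// NewAEAD builds AES-256-GCM with the standard 96-bit (12-byte) nonce.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("want a 32-byte key, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag for the untrusted backend.
// Binding the path as associated data is an assumption of this sketch.
func Seal(a cipher.AEAD, path string, value []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, value, []byte(path)), nil
}

// Open verifies an entry read back from the backend before returning plaintext.
func Open(a cipher.AEAD, path string, entry []byte) ([]byte, error) {
	if n := a.NonceSize(); len(entry) >= n+a.Overhead() {
		if pt, err := a.Open(nil, entry[:n], entry[n:], []byte(path)); err == nil {
			return pt, nil
		}
	}
	return nil, ErrTampered
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	entry, _ := Seal(a, "secret/db", []byte("constructed value"))
	fmt.Println(Open(a, "secret/other", entry)) // entry moved to another path
}
```

The backend only ever sees the sealed bytes, so it can delete or corrupt an entry but any modification surfaces as `ErrTampered` on read instead of as altered plaintext.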

critical security concern is an attacker attempting to gain access to secret material they are not authorized to.

https://www.vaultproject.io/docs/internals/security

Vault supports using a Two-man rule for unsealing using Shamir’s Secret Sharing technique

https://www.vaultproject.io/docs/internals/security