Security Model of Vaultfleeting
- External reference: https://www.vaultproject.io/docs/internals/security
Security Model | Vault by HashiCorp
data at rest and in transit must be secure from eavesdropping or tampering.
appropriately authenticated and authorized to access data or modify policy.
secure from eavesdropping as well as communication from Vault to its storage backend.
tampering should be detectable and cause Vault to abort processing of the transaction.
not parts of the Vault threat model
arbitrary control of the storage backend
leakage of the existence of secret material
memory analysis of a running Vault
storage backends used by Vault are also untrusted by design
using a 256-bit Advanced Encryption Standard (AES) cipher in the Galois Counter Mode (GCM) with 96-bit nonces
critical security concern is an attacker attempting to gain access to secret material they are not authorized to.
Vault supports using a Two-man rule for unsealing using Shamir’s Secret Sharing technique