We at Exoscale strongly believe in the saying “eat your own dog food”, meaning that you should use your own products like your users do to really be able to appreciate how they perform and how they could be improved. We’re also big users of HashiCorp tools and many of those are part of our daily operations, and for this reason we have implemented and maintain Exoscale integrations in Terraform and Packer so both we and our clients can manage Exoscale-based infrastructures as code.

Recently we’ve announced our new service Exoscale Identity and Access Management (IAM), allowing you to finely manage clients access to your organization. Good news sometimes comes in pairs, and today we’re happy to announce closer integration with the HashiCorp family by providing a new Vault secrets backend plugin, enabling secure and dynamic management of your Exoscale IAM resources both by your collaborators and your applications running on Exoscale.

Easily manage your IAM keys with Vault

What is HashiCorp Vault?

Vault is software developed by HashiCorp enabling users to secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

If you are hearing about Vault for the first time now, we strongly recommend you to take some time to learn about its possibilities by following the official tutorial.

Exoscale IAM + Vault = Dynamic Cloud Security

Exoscale IAM gives you fine grained control over the operations your users or applications can perform within your Exoscale organization at the API level. This level of granularity is very useful if you want to precisely restrict what an API credentials bearer can actually do when using the Exoscale API, however managing access can quickly become a challenge if you are dealing with dozens of even hundreds of entities.

Leveraging the power of Vault and our new Exoscale secrets backend, you will be able to improve your IAM resources management. No more manual tracking of who-got-which-access-key-when-to-do-what: both your collaborators and your applications’s credentials are accounted for.

To wrap up, we invite you to get familiar with this new addition to the Exoscale tooling on its GitHub repository: you will find the plugin’s documentation on the homepage of the project, as well as using Vault’s path-help command. As for all of our Open Source projects, if you run into problems while using it please open an issue on GitHub.