Vault Credential Brokering Quickstart
Learn how to use Vault to broker secrets to Boundary clients.
Many organizations have hard-coded credentials in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Safeguarding and ensuring that credentials are not leaked, or in the likelihood they are, that the organization can quickly revoke access and remediate, is a complex problem to solve.
Enable Boundary as a credential broker for infrastructure targets by binding credentials with user sessions, and surfacing those credentials during session initialization. A dynamic secret is generated on demand and is unique to a client, instead of a static secret, which is defined ahead of time and shared. Vault associates each dynamic secret with a lease and automatically destroys the credentials when the lease expires. Vault supports dynamic secrets with a wide range of systems and is easily extensible with plugins.
Reduce risk of breach and simplify administration with Boundary’s identity-based secure remote access to ensure that users have access to critical infrastructure they need without exposing your network.