GE Digital has recently partnered with HashiCorp to provide Vault as a service for internal services for the Predix environment. We are working together to provide a full-featured secrets management solution for all the internal PaaS and IaaS services as well as working with the InfoSec team to secure the internals of the premier IoT platform, Predix. Vault is the solution GE has chosen due to it’s pluggable secrets and authentication backends.
The SSH one time password capability and the SSH key signing capabilities of Vault are two of the main use cases that have been adopted and this talk will discuss how that is accomplished. It will not necessarily go into the architecture of Vault, but more about building the policies, roles, and credentials associated with these two use cases. Additionally, a demonstration will be shown to provide context around how Vault and SSH can be integrated.