https://gerardsamuel.me/categories/security/Recent content in Security on Gerard SamuelHugo -- gohugo.ioenSun, 21 Jul 2024 21:32:35 -0400https://gerardsamuel.me/posts/configuring-hashicorp-vault/Sun, 21 Jul 2024 21:32:35 -0400https://gerardsamuel.me/posts/configuring-hashicorp-vault/<p>We have all been there. That newly installed application required confidential material to function. Where should that material be securely stored? Or, you just took over ownership of a system where the database credentials are stored in plain text! We all know (or should know) that protecting secrets is important. Just about anyone, intentional or not, could be a threat actor. Our trust and integrity depend on securing our secrets.</p>https://gerardsamuel.me/posts/getting-started-with-smallstep/Sun, 14 Jul 2024 14:20:35 -0400https://gerardsamuel.me/posts/getting-started-with-smallstep/<p>I needed to host an internal PKI (Private Key Infrastructure) to test a secrets management solution. Microsoft Windows PKI requires a complete Active Directory setup, which is overkill for what I needed. Plus, I wanted something open-source. Smallstep&rsquo;s step-ca is open source and is a well-featured private key solution. This post will explain how I set it up using a Nitrokey HSM on a Raspberry Pi 4.</p>