So what exactly is Hashicorp Consul? Here is what the Hashicorp has to say:
HashiCorp Consul is a service networking solution that enables teams to manage secure network connectivity between services and across on-prem and multi-cloud environments and runtimes. Consul offers service discovery, service mesh, traffic management, and automated updates to network infrastructure devices.
For the time being, I am targeting Consul’s service discovery features. In this article, I will show you how I went about this.
We have all been there. That newly installed application required confidential material to function. Where should that material be securely stored?
Or, you just took over ownership of a system where the database credentials are stored in plain text!
We all know (or should know) that protecting secrets is important. Just about anyone, intentional or not, could be a threat actor. Our trust and integrity depend on securing our secrets.
I needed to host an internal PKI (Private Key Infrastructure) to test a secrets management solution.
Microsoft Windows PKI requires a complete Active Directory setup, which is overkill for what I needed. Plus, I wanted something open-source.
Smallstep’s step-ca is open source and is a well-featured private key solution.
This post will explain how I set it up using a Nitrokey HSM on a Raspberry Pi 4.
