Securing the Infrastructure of Confluent with HashiCorp Vault
Blog post from Confluent
Confluent Cloud chose HashiCorp Vault as its secrets management system to support the seamless movement of data, running it on Kubernetes and Google Cloud infrastructure for high availability. Although outsourcing was considered, Confluent used in-house expertise to manage Vault with Banzai Cloud's Vault operator for Kubernetes, an approach that proved manageable without third-party services. The setup included load tests with Slapper to ensure failover efficiency and chaos resilience, and post-setup configuration was handled by Go programs for simplicity. Confluent has also implemented procedures for AppRole Secret ID revocation to maintain security and compliance, emphasizing proactive management and rotation of credentials.