Company
Date Published
Author
Jimmy Vo, David M. Lentz
Word count
2175
Language
English
Hacker News points
None

Summary

HashiCorp Vault provides centralized storage and management of sensitive data, such as passwords and API keys. Because it concentrates secrets in one place, Vault is itself exposed to security threats: attackers can use root or recovery tokens to access secrets, disable audit logging to cover their tracks, elevate the permissions assigned to Vault clients, and manipulate Vault policies to introduce security risks, including by leveraging elevated privileges to disable audit devices or change policies. To detect potentially malicious activity in Vault installations, Datadog Cloud SIEM automatically analyzes Vault audit logs as they're ingested, providing automated threat detection and alerting to ensure the security of secrets stored in Vault.