Event Details

Please note: All times listed below are in Central Time Zone

<< Go back

Comparing the Barbican and Vault Security Models

Security

OpenStack's Barbican and Hashicorp's Vault are both secret management services. Your choice of which one to use will depend on your requirements, infrastructure, budget, and security needs. Making secret storage available in a multi-tenant cloud brings additional considerations in architecture decisions.

In this talk we introduce secret management best practices, describe a variety of secret storage options, and enumerate the pros and cons of each solution.

We'll take a deep dive into the architecture and threat models of both Barbican and Vault For each, we'll discuss the pros and cons in terms of ease of use, threat vectors, compatibility with OpenStack projects, scalibility, high availability options, compliance, and cost.

What can I expect to learn?

Attendees will learn about the similarities between Barbican and Vault as well as their differences. The information should help deployers make a decision on which service to use for their particular needs.

Thursday, May 11, 9:50am-10:30am (1:50pm - 2:30pm UTC)

Hynes Convention Center - Level Three - MR 311

View video

Difficulty Level: Intermediate

Tags: Project Technical Lead (PTL) Security Architect

Dave McCowan

Cisco Systems

Dave McCowan leads security initiatives for the Private Cloud Engineering Team at Cisco. He has been an OpenStack contributor for 6 years. He is a former PTL for the Barbican project where he continues as a core reviewer. He's an enthusiast of security of all kinds and holds a CISSP. FULL PROFILE

Douglas Mendizábal

Senior Software Engineer

Douglas is the current PTL for the Key Management (Barbican) project. Before being involved in OpenStack, Douglas was a software development consultant specializing in secure development of mobile and web applications. FULL PROFILE