Rotate Passwords with Ansible and HashiVault

Doug Bridgens' post on how to rotate passwords. Rotating application-layer passwords is hard, and not because changing a password in some database is difficult; that is often only a single command.

The benefits of automation in a large infrastructure are easy to talk about, easy to sketch on a whiteboard. The problems start when you attempt to implement your ideas, and then you can find yourself with a seemingly insurmountable sackful of (human) objections and (process) hurdles.

The article includes example code for rotating the backend MySQL root password, and the same principle applies to the application node database credentials.

The author argues: "In a practical sense we’ve improved the security of the infrastructure."

Tags devops infosec