Home - Results from #20

Secrets Engines are the core of Vault – they enable us to think of security not just as a matter of storage, but as a process. Whether it's a database password, SSH access, or JWT signature, everything can be managed dynamically, securely, and traceably – if the right engines are known and used correctly. The key lies less in diversity and more in understanding and design. Anyone who wants to use Vault productively cannot avoid a deep understanding of the Secrets Engines.

This article offers a well-founded overview of the function, use cases, and lifecycle of Secrets Engines – from generic engines like KV, Transit, or PKI to specialized modules for Cloud and database platforms.

Infrastructure-as-Code is no longer optional. Companies that aim to run and scale their cloud infrastructure seriously rely on Terraform. But with growing success and increasing complexity, a critical question arises: how large or small should a Terraform state actually be?

A state that is too large blocks teams, slows down processes, and creates unnecessary risk. A state that is too small, on the other hand, leads to unnecessary overhead and fragile consistency. The goal is to find the right balance - not too much, not too little, but just right. Welcome to the Goldilocks principle for Terraform.

Managing Terraform infrastructure becomes particularly challenging when it spans multiple business units or even different customer organizations.
In such scenarios, it is no longer sufficient to simply set up individual workspaces or pipelines in a technically clean manner. Instead, decision-makers, CTOs, architects, and senior engineers require clearly structured responsibilities, strict governance, and fully automated processes to ensure consistency, security, and efficiency. We have already discussed the separation of states in detail, but let us briefly summarize the key points once again.

A respected SME, a printing company from the canton of Obwalden with 30 employees, loses all data – including backups – due to the mistake of an external service provider. The damage: over 750,000 CHF. The company is now history, and in March, bankruptcy was filed citing this incident.

The case made headlines in the press because, according to reports, the devastating damage was caused by an IT issue that should never have occurred in the first place. The causes were too fundamental and too obvious to be accepted as an acceptable risk.

This demonstrates how severe the consequences of inadequately secured IT processes can be. Especially in industries where IT infrastructures and IT workflows are not considered core competencies essential for production, such risks are not easy to recognize and avoid.

Such risks and incidents are not just IT problems. In today's world, they affect the fundamental substance of every company.

Remote states are a powerful tool for controlled information sharing across teams and tenants. Especially in complex cloud environments with multiple areas of responsibility, they enable transparency, reusability and scalability. At the same time, they pose risks: faulty states, access issues and unresolved dependencies can compromise the stability of the entire infrastructure. This article demonstrates how to avoid these challenges and how to lay the foundation for reliable, automated infrastructure through clear structures and proven practices.

HashiCorp Vault Deep Dive - Part 1: Fundamentals of Secret Engines

Terraform @ Scale - Part 2: The Art of Optimal State Sizing

Terraform @ Scale - Part 1e: Scaling Across Organizational Boundaries

Keeping IT Risks Under Control – Before Your Company Faces a Crisis

Terraform @ Scale - Part 1d: Pitfalls and Best Practices in Multi-Tenant Environments

More Articles …