Can Vault be configured to use OS provided OpenSSL library for encrypting secrets


Anand kumat

Aug 19, 2019, 2:39:10 PM
to Vault
Hi all,


I am using the open source version of Vault. Vault encrypts data (secrets) by using Golang's crypto and x/crypto libraries that are part of the Golang language. Is there a way to configure Vault to use OS provided OpenSSL libraries (FIPS validated) to encrypt/decrypt secrets?


Thanks,
Anand

Mark Gritter

Aug 19, 2019, 2:54:56 PM
to vault...@googlegroups.com
The seal/unseal functionality and encryption routines are not currently modular and cannot be replaced by a different cryptographic library.

Vault Enterprise has a feature called "Seal Wrap" which supports using an external HSM that is FIPS 140-2 certified; see https://learn.hashicorp.com/vault/operations/ops-seal-wrap  

best,
Mark

