Use case

Identity-based access

Authenticate and access different clouds, systems, and endpoints using trusted identities.

Challenge

Securing access with static IPs and ephemeral infrastructure at scale is complex

The move to cloud involves a shift in operating model for infrastructure. Traditionally we had a relatively static world of dedicated servers, static IP addresses, and a clear network perimeter. In the cloud, we have ephemeral and elastic pools of infrastructure with dynamic IP addresses and no clear perimeter.

In a static world, we established a network perimeter and managed access based on IP address. For security teams, the cloud requires a fundamentally different approach: starting with understanding the network as inherently "low trust" and moving to the idea of securing infrastructure and application services themselves, based on trusted identities and encrypting all secrets and application data.

Solution

Secure access to secrets, systems, and data with trusted identities

Leverage any trusted identity provider, such as cloud IAM platforms, Kubernetes, and Active Directory, to authenticate into Vault. Identity is scale independent, unlike IP addresses, which require complex firewall rules and frequent updates.

Ubisoft
Customer case study

Game time

The pioneer in online gaming uses HashiCorp Vault to enhance security, availability, and performance across a global gaming platform.

  • 500+ active entities accessing Vault secrets per day

  • 141 million unique players over consoles and PC in FY21

  • 1,000+ applications

Ready to get started?

Quickly get hands-on with HashiCorp Cloud Platform Vault and set up your managed Vault cluster.

Why use identity-based security?

Learn why IP-based identity is not suitable for the cloud — and the one key strategy for effective cloud security.

Armon Dadgar

Co-founder & CTO