Restrict vault use per web server

0 vote

Published 2 years ago

We would like to see the option to restrict a vault to a webserver. For example, you have 3 webservers and 4 vaults in the same database. You can make all vaults available in a load balanced setup with 2 webservers for internal use only. And you can use 1 webserver to connect to only 1 vault for use from the internet. That way you have a smaller attack surface and you can also use load balance techniques for specific vault on specific web servers.

All Comments (2)

François Dubois

Published 2 years ago

Hello,

Thank you for your request. We don't have a such feature plans, but long term, we would like to improve our conditionnal access engine to allow different access based on rules. For example, we could configure a rule to limit access to a vault. That rule could be based on IP, time, user tags or other conditions. I don't have an ETA for that improvement, but I wanted to let you know where we are going and I think that improvement would cover your case. Would it work for you ?

Best regards,

François Dubois

jsannen

Published 2 years ago

Hi Francois,

Yes, I believe it would.

Best regards, Joost