From LUKS to Vault, our journey of secret management


HealthTech is a compliance-heavy space; a small mishap can have grave consequences. Protecting customer data is a top priority at Grand Rounds. “Bring our own dragons”, which means never handing over our encryption keys, is a principle we follow dearly. The secrets used to access PHI and PII data are secured with multiple safeguards. Our first attempt to protect secrets was a homegrown disk encryption solution using LUKS, and it worked well for a few years. As our customers grow and the supporting infrastructure changes, we need to rethink how we handle secrets. We recently finished implementing our third generation of secret management with HashiCorp Vault. This allows us to better handle compliance requirements and application complexity, and to incorporate new engineering workflows. This talk is about the journey of migrating between solutions, the design tradeoffs, and some lessons we learned in the health care space.

Speaker


Mason Leung


Mason Leung is an Infrastructure Engineer at Grand Rounds. He mostly works on infrastructure design and operation tools. Prior to that, he worked at Sharethrough as a DevOps engineer and awe.sm as a ...