Cloudflare for Teams + HashiCorp Vault = Zero Trust Love
GPL-3.0 License
Secrets are hard, especially for local development. This is why I took two of my favorite products (Cloudflare for Teams and HashiCorp Vault) and used them together to come up with a Zero-Trust Vault deployment that is easy to use from any of my workstations.
The focus was on fast deployment and easy maintenance. Terraform takes care of the full deployment: the whole stack is deployed with two terraform apply commands, and everything is configured and ready to go within minutes.
Free (for up to 50 users).
I cannot tell the exact GCP costs of this stack yet, but there is a Free Tier for the default machine type.
If you want to change the region, just note that only some regions are eligible for the GCP Free Tier.
The deployment process consists of two steps. The first one (Infra) is to deploy the Zero-Trust stack, and the second one is to configure Vault itself.
In order to deploy this stack, make sure you have:
Terraform version 1.0+
Google Cloud SDK set up and authenticated to a GCP project
Google Storage Bucket for Terraform state
tf-state-vault-my-project-id
Cloudflare Account with Cloudflare for Teams enabled
Please refer to the infra folder
Please refer to the vault-config folder