Armon, This is an ingenious thought process by you. Going after the build process which is the root of the security vulnerability at the kernel level and hardening it is a master stroke. Secondly, in this Cloud self-service world we can automate this pipeline of version control and release channels and revocation of base image via the registry is masterful. That gives us control at the metadata level and tightens our provisioning security policy.
I do want to see something similar around DNS vulnerabilities and how we can harden those entry points from an attacker getting access. That's a different problem to solve.
Very informative, thanks
So, the whole benefit over the open-source Packer is that it introduced the Packer Registry, where you store the metadata and control the image versioning from there, instead of doing it from AWS/Azure? In your Terraform script, instead of reading it from Azure/AWS, you are going to read it from the Packer Registry. Any other benefits?
The HCP Packer registry has multiple benefits to help you build a golden image pipeline and manage image lifecycle, including:
- Metadata tracking for all your image artifacts and versions across multiple clouds
- Channels that make it easier to promote and discover the right image versions to use
- Ancestry tracking for parent/child image relationships
- Revocation workflows to make sure old image versions aren’t being used anymore
- Integrations with HCP Terraform via run tasks, drift detection, and continuous validation
- Audit log streaming to monitor image activity
You can learn more at the links below, or check out this on-demand webinar:
www.hashicorp.com/events/webinars/ep4-securing-your-infrastructure-with-terraform-and-packer-creating-a-secure-gold
www.hashicorp.com/products/packer/features
developer.hashicorp.com/hcp/docs/packer
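As an added illustration of the workflow the question and answer above describe (example code written for this thread, not HashiCorp's own or the commenters'), the Terraform configuration below resolves the AMI through an HCP Packer channel instead of hardcoding an image ID copied from the AWS console, and refuses to apply if the registry has revoked the version behind the channel. The bucket name `ubuntu-hardened`, the channel name `production`, the region, and the assumption that `revoke_at` is null for a non-revoked version are all assumptions for this example.

```hcl
terraform {
  required_providers {
    hcp = { source = "hashicorp/hcp" }
    aws = { source = "hashicorp/aws" }
  }
}

# Credentials come from HCP_CLIENT_ID / HCP_CLIENT_SECRET in the environment.
provider "hcp" {}

provider "aws" {
  region = "us-east-1" # assumed region
}

# Look up the version currently assigned to the "production" channel of the
# assumed "ubuntu-hardened" bucket. Promoting a different version to the
# channel in HCP Packer changes what this returns; this code does not change.
data "hcp_packer_version" "base" {
  bucket_name  = "ubuntu-hardened" # assumed bucket name
  channel_name = "production"      # assumed channel name
}

# Resolve that version to the artifact Packer built for AWS in this region.
data "hcp_packer_artifact" "base" {
  bucket_name         = data.hcp_packer_version.base.bucket_name
  version_fingerprint = data.hcp_packer_version.base.fingerprint
  platform            = "aws"
  region              = "us-east-1"
}

resource "aws_instance" "web" {
  # external_identifier is the cloud-native ID, i.e. the AMI ID here.
  ami           = data.hcp_packer_artifact.base.external_identifier
  instance_type = "t3.micro"

  lifecycle {
    # Fail the plan if the registry has revoked the version behind the
    # channel, rather than launching a stale image. Assumes revoke_at is
    # null while a version is still valid.
    precondition {
      condition     = data.hcp_packer_version.base.revoke_at == null
      error_message = "HCP Packer version ${data.hcp_packer_version.base.fingerprint} is revoked; promote a current version to the production channel."
    }
  }

  # Record which registry version produced the instance, so audit logs
  # and the instance can be correlated later.
  tags = {
    PackerVersion = data.hcp_packer_version.base.fingerprint
  }
}
```

The point of the indirection is that the image a deployment uses is decided by whoever promotes versions in the registry, not by whoever edits the Terraform code; rotating to a patched base image or pulling a bad one is a registry operation with an audit trail, and the precondition turns a revocation into a failed plan instead of a silently deployed old image.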
Nice, thanks!
OMG, I am going to write a blog on Packer soon
@steve-at-yt Sure, Steve
@Shivalingpatil_cloudengineer Where is the blog post? I want to read it :)