Case Study: Kickstarter achieves secure, highly available secrets management with HashiCorp Vault and Consul

Kickstarter Uses Vault And Consul To Manage Secrets Securely With High Availability

Kickstarter, the global funding platform for creative projects, needed a secure way to manage secrets and configuration as it moved from a monolithic Ruby on Rails application to a microservices architecture. With a small, distributed engineering and ops team and a high-volume, always-on platform, the company needed reliable security for sensitive data and encrypted communication in transit. HashiCorp’s Vault and Consul were adopted to support this challenge.

HashiCorp implemented Vault to manage secrets, issue certificates through its PKI backend, and authenticate services with AppRole, while Consul provided a highly available storage backend and configuration store. Kickstarter also used envconsul, AWS Lambda, S3, CloudFormation, and monitoring tools like StatsD, Telegraf, InfluxDB, and Grafana to automate access and visibility. The result was a stateless, resilient secret-management system with high availability, secure TLS encryption, automated container secret retrieval, and hourly Consul snapshots to S3 for backup and recovery.

Kickstarter

Natacha Springer

Remote Cloud Operational Engineer