Case Study: Starbucks secures 100,000+ edge devices with HashiCorp Vault

Securing Secrets and Identity for 100,000+ Edge Devices at Starbucks with HashiCorp Vault

Starbucks partnered with HashiCorp to secure secrets and identity across more than 100,000 retail edge devices spread across thousands of stores and networks. As Starbucks scaled its retail technology environment, it faced the challenge of solving the “Secret Zero” problem for Vault in a highly distributed, low-touch edge setting where trust, automation, and least privilege were essential.

Using HashiCorp Vault, along with Terraform, Kubernetes, and Vault Agent, Starbucks built automated secret and identity management patterns for edge devices, including wrapped secret delivery, AppRole-based bootstrapping, and TPM-based identity attestation concepts. The solution improved scalability, resiliency, and security for retail operations by enabling short-lived dynamic secrets, strong automation, and more reliable credential rotation across the edge environment, supporting the secure management of 100,000+ devices.

Starbucks

Andrew McCormick

Lead System Engineer