Skip to main content

Launch checklists for your production environment

Learn about the steps to take before going live with production workloads on your Piiano Vault

Introduction

This guide lists all the items you should check and validate before going live with production workloads on your Piiano Vault. Checklists for self-hosted and hosted Vaults are provided.

Self-hosted checklist

  • Hardware – Verify your hardware requirements.
  • Database
    • The supported database is PostgreSQL release 14.2 or newer.
    • You must use a production-ready database which is monitored, backed-up regularly and maintained. To achieve that, it is recommended to use the cloud provider managed PostgreSQL, e.g. RDS in AWS and CloudSQL in GCP.
    • Do not use the default database password provided by installers in vault-deployment.
  • PCI – Do you require PCI compliancy? Read the PCI implementation guide and follow the self-hosted steps.
  • Development mode – Ensure PVAULT_DEVMODE is set to false.
  • Logging – Set these environment variables to identify your installation. This allows Piiano to monitor your environment and proactively identify issues as well as support you more effectively when you raise questions and issues.
    • PVAULT_LOG_CUSTOMER_IDENTIFIER – Set to your company name.
    • PVAULT_LOG_CUSTOMER_ENV – Set to the environment of your Vault. Recommended values are PRODUCTION, STAGING, and DEV. For Piiano to proactive monitor this environment, you must have the substring prod within the name of the environment.
    • PVAULT_LOG_CUSTOMER_REGION – Set to your region. This is useful if you have production environments in different regions.
  • IAM - Customize the default IAM configuration for your use case and follow the principle of least privileges.
  • Onboarding – Set up an onboarding meeting to review this checklist and to provide the support procedure and escalation process.

Hosted checklist

Piiano controls the environment variables and the hardware provided for the hosted Vault. You can not modify them. As part of the onboarding these values are determined and set by Piiano.

  • Hardware – Piiano SaaS is designed to handle a few 10s of requests per second. We can support a higher rate, which you can request during the onboarding session.
  • PCI – Do you require PCI compliancy? Read the PCI implementation guide and note the hosted section.
  • Environment variables in the SaaS are controlled by Piiano. Here are the ones that may require changes for your Vault:
    • PVAULT_SERVICE_ALLOWED_HTTP_DESTINATIONS – When using the HTTP_ACTION(proxy) functionality, let us know which destinations to add to the allow-list.
    • PVAULT_SERVICE_ALLOW_ORIGINS – Controls CORs when using the iframe provided by Vault. If you are hosting this iframe, let us know their domains to add to your allow-list.
  • IAM - Customize the default IAM configuration for your use case and follow the principle of least privileges.
  • Onboarding
    • Set an onboarding meeting with Piiano to review this checklist and determine all the information required to spin up your production Vault.
    • When your production environment is ready and configured correctly according to your requirements, Piiano provides the credentials to access it and the support procedure and escalation process.