Reduce the spread of “secrets” with DevOps Secrets Vault

According to the Forrester DevOps Security Survey Report 2021, both IAM leaders and developers want simpler access control, yet they contend with inefficient access control solutions that often require manual intervention and are not always effective. Managers expect that a PAM solution purpose-built for DevOps will help development and security teams work better together, eliminating the complexity and friction that arise when embedded tools or traditional PAM repositories are adapted for use in DevOps.

The main conclusions of the report include:
• 57% have encountered security incidents involving the disclosure of secrets as a result of insecure DevOps processes over the past two years, and 62% expect such incidents to become more common over the next two years.
• 71% of respondents want centralization, and 76% implement automated secret management solutions in tools already used by developers.

Inefficient processes and a lack of clear responsibilities create friction between DevOps and security teams, so this area deserves more attention.

Improving the quality of user interaction
Ease of use and security together increase the level of implementation and reduce the number of errors.
Convenient cybersecurity solutions that are easy to implement and scale simplify integration with the DevOps process.

DevOps Secrets Vault is a cloud-based vault that provides the balance between security and speed that DevOps teams need for this growing part of the enterprise attack surface.

To modernize and simplify interaction with the product, the new release of DevOps Secrets Vault improves the user experience. Several user interface improvements, such as better access to help, more complete search, and the ability to create and update secrets with a wizard, support the speed and dynamism of the DevOps process.

Improving the level of management of secrets
A centralized, automated solution makes the development process more efficient. A single centralized repository keeps secret management efficient and secure. In today’s container-driven environment, Kubernetes provides applications running in pods with a mechanism for accessing secrets.

The Kubernetes plugin for DevOps Secrets Vault provides a single secure repository through which all Kubernetes subsystems access secrets. In the latest release, our Kubernetes sidecar extension supports namespaces. Pods can now be restricted to the secrets located in their own namespace, which prevents them from accessing secrets they do not really need. The Kubernetes sidecar integration also adds support for certificate authentication, which eliminates the need for client credentials and solves the “zero secret” problem.

What is the “zero secret” problem? The “zero secret” is the master secret needed to unlock primary access: the last “secret” required to reach the password store. This single effective attack vector exists both on-premises and in private cloud environments. Using a client certificate to authorize users in a Kubernetes cluster can help make the whole environment more secure.

As DevOps scales, consolidation of access control solutions and ease of management become essential for seamless security. Delinea DevOps Secrets Vault innovations and updates continue to help DevSecOps improve processes, minimize the growth of access privileges, and reduce the risk of attacks. Delinea DevOps Secrets Vault dynamic secrets are generated automatically at the time of request. They can be used when a user or resource, such as a configuration tool, needs an account, but access must expire after a certain time.

Dynamic secrets also allow for fine-grained authorization through cloud policies. Restricting the scope of secrets and the validity period of credentials significantly reduces the value of secrets for attackers.
