For DevOps teams, on-demand access to source code, tools, test servers, and production builds is necessary to administer systems and debug production issues.
It’s common to share private keys and credentials for immediate access, which increases the risk from both external and insider threats, whether malicious or accidental. The focus for DevOps security needs to be automation: if security and compliance are part of the automated process, there is less risk of introducing security flaws, and the process is consistent and predictable.
For organizations leveraging DevOps that want to balance speed, agility, and security, Thycotic provides a high-velocity vault for automating secrets management in DevOps that minimizes privileged account sprawl, hardens the overall attack surface, and lowers the risk of attack. DevOps Secrets Vault is a platform-agnostic, cost-effective, rapid set-up vault that is capable of high-speed secrets creation, archival, and retrieval.
DevOps Secrets Vault already enables AWS roles, Azure Service Principals, or GCP Service Accounts for bootstrapping and ongoing secure authentication. Dynamic secrets can be generated to allow tools or applications to do extremely fine-grained tasks and then expire, eliminating the damage any leaked credentials can do. Thycotic is constantly adding to the list of SDKs and DevOps tool plug-ins such as Jenkins, Kubernetes, Terraform, Chef, Puppet, Azure DevOps, and more.
With the latest release, this cloud-based solution offers new out-of-the-box integration with Secret Server, SIEM integration, automated authentication through SSH keys and certificate generation, new workflows to streamline command-line use, and a Home Vault (personal user space for secrets). These new features help organizations extend Privileged Access Management (PAM) security, automate authentication, and streamline the use of the command-line.
Extend PAM security
DevOps Secrets Vault’s Secret Server integration allows Secret Server to create secrets in DevOps Secrets Vault and sync updates to those secrets. It also enables customers to use DevOps Secrets Vault for fast API access and CI/CD pipeline integration while also benefiting from the additional PAM capabilities of Secret Server, such as credential rotation.
With the new Home Vault feature, every DevOps Secrets Vault user gets their own space for secrets that even admins do not have access to by default.
DevOps Secrets Vault logs can be pushed in near-real-time to a SIEM endpoint in CEF, Syslog, or JSON format. These log events can be correlated on the SIEM side so administrators gain deep insight into privileged account usage and get alerts when specific events occur in DevOps Secrets Vault.
DevOps Secrets Vault can now issue X.509 and SSH certificates, which enables the automation of certificate signing and distribution and, in turn, the use of short-lived certificates, making these processes both highly efficient and secure.
Streamline use of the command-line
To simplify human navigation of the command-line, DevOps Secrets Vault now supports a variety of workflows that guide the user through the process of creating and updating:
- Public key infrastructure (PKI)
- SIEM log pushes
- Authentication provider
You can test out all of these features for yourself with the free version of DevOps Secrets Vault.
*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Billy VanCannon. Read the original post at: https://thycotic.com/company/blog/2020/09/15/devops-secrets-vault-extends-pam-security/