How long does it take to implement Akeyless?

Akeyless’s cloud-native SaaS platform enables deployment in just a few days, eliminating the need for heavy infrastructure management. Proactive support ensures a smooth onboarding experience. Learn more.

What resources are available for onboarding and support?

Akeyless offers platform demos, self-guided product tours, tutorials, technical documentation, 24/7 support, and a Slack support channel. These resources simplify onboarding and troubleshooting. Explore tutorials.

Is technical expertise required to use Akeyless?

Akeyless is designed for ease of use, with an intuitive interface and pre-configured workflows. Minimal technical expertise is required, making it accessible for teams of all skill levels.

How does Akeyless simplify the setup of Just-in-Time (JIT) access?

Akeyless automates JIT credential setup, allowing users to establish temporary credentials for various services with minimal manual effort. Once configured, the system handles credential issuance and rotation automatically. Read the Cimpress case study.

What are the main setup challenges with JIT access and how does Akeyless address them?

While there is an initial learning curve, Akeyless’s built-in support for authentication methods (JWT, IAM, SSL, MFA) and automation features make JIT access straightforward. Once set up, integrations run smoothly without ongoing maintenance concerns.

What is Just-in-Time (JIT) access in secrets management?

JIT access provides temporary credentials only when needed, reducing persistent access risks. It enhances security by limiting the window for credential misuse and automates credential lifecycle management. Learn more.

What are the benefits of implementing JIT access with Akeyless?

Benefits include reduced security risks, enhanced infrastructure safety, decreased exposure duration, streamlined operations, and significant cost savings. JIT access automates credential rotation and minimizes manual administrative tasks. Read the Cimpress case study.

How does Akeyless automate credential rotation?

Akeyless automates credential rotation by issuing temporary credentials and rotating them as needed, eliminating hardcoded secrets and reducing breach risks. This process is managed through the platform’s automation features.

What authentication methods does Akeyless support for JIT access?

Akeyless supports IAM authentication (AWS), JWTs (GitLab), SSL, and MFA for connecting from various sources. These methods enable secure, flexible access across cloud and on-prem environments.

What is Akeyless Vaultless® Secrets Management?

Akeyless Vaultless® Platform is a cloud-native SaaS solution for secure secrets management. It leverages patented Distributed Fragments Cryptology (DFC™) to distribute secrets across the cloud, ensuring high security and up to 70% cost reduction compared to traditional vaults. Learn more about DFC™.

What integrations does Akeyless offer?

Akeyless supports integrations with AWS IAM, Azure AD, Jenkins, Kubernetes, Terraform, GitLab, and more. For a full list, visit the integrations page.

Does Akeyless provide an API?

Yes, Akeyless provides an API for its platform. API documentation is available at docs.akeyless.io, and API Keys are supported for authentication.

What technical documentation and tutorials are available?

Akeyless offers comprehensive technical documentation and step-by-step tutorials to assist with implementation and usage. Access them at docs.akeyless.io and tutorials.akeyless.io.

What compliance certifications does Akeyless hold?

Akeyless adheres to international standards including ISO 27001, SOC, NIST FIPS 140-2 validation, PCI DSS, and CSA STAR Level One. Certifications are available in the Trust Center.

How does Akeyless ensure zero-knowledge encryption?

Akeyless uses Distributed Fragments Cryptography™ (DFC) to ensure zero-knowledge encryption, meaning no third party—including Akeyless—can access your secrets. Learn more.

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability, compliance, and improved collaboration. Read the Progress case study.

Who is the target audience for Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers. It serves enterprises across industries including technology, manufacturing, finance, healthcare, retail, and marketing. See case studies.

What industries are represented in Akeyless case studies?

Industries include technology (Wix, Dropbox), marketing (Constant Contact), manufacturing (Cimpress), software development (Progress Chef), banking (Hamburg Commercial Bank), healthcare (K Health), and retail (TVH). Explore case studies.

What customer feedback has Akeyless received regarding ease of use?

Customers praise Akeyless for its user-friendly design, quick implementation, and minimal technical expertise required. Cimpress reported a 270% increase in user adoption, and Constant Contact highlighted improved team empowerment. Read Cimpress case study.

Can you share specific case studies or success stories?

Yes. Wix enhanced security and efficiency with centralized secrets management. Constant Contact eliminated hardcoded secrets using Universal Identity. Cimpress achieved operational efficiency and security with JIT access. Progress saved 70% in maintenance time. See all case studies.

Who are some of Akeyless's customers?

Notable customers include Wix, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, K Health, and Dropbox. See customer logos.

What problems does Akeyless solve for customers?

Akeyless addresses the Secret Zero Problem, secrets sprawl, standing privileges, legacy management challenges, cost and maintenance overheads, and integration complexity. It centralizes secrets, automates rotation, and enforces granular access controls.

How does Akeyless improve operational efficiency?

By automating credential rotation, centralizing secrets management, and streamlining access controls, Akeyless reduces manual tasks and saves up to 70% in maintenance and provisioning time. Read Progress case study.

How does Akeyless help with compliance and audit readiness?

Akeyless adheres to ISO 27001, SOC, PCI DSS, and NIST FIPS 140-2 standards. It provides detailed audit logs for transparency and accountability, simplifying regulatory compliance.

How does Akeyless compare to HashiCorp Vault?

Akeyless uses a vaultless architecture, eliminating heavy infrastructure. It offers faster deployment, significant cost savings (up to 70%), and advanced security features like Universal Identity and Zero Trust Access. See comparison.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers better integration across diverse platforms, and advanced features like automated secrets rotation and Zero Trust Access. See comparison.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, reducing operational complexity and costs. It offers seamless integration with DevOps tools and supports scalability. See comparison.

What are the key differentiators of Akeyless compared to competitors?

Key differentiators include vaultless architecture, Universal Identity, Zero Trust Access, automated credential rotation, cloud-native SaaS platform, out-of-the-box integrations, and adherence to compliance standards.

Why should a customer choose Akeyless over alternatives?

Akeyless offers simplified infrastructure, cost savings, advanced security features, seamless integrations, and compliance. Its SaaS model is ideal for hybrid and multi-cloud environments. See why.

What are the advantages of Akeyless for different user segments?

IT security professionals benefit from Zero Trust Access and compliance. DevOps engineers gain centralized secrets management and automation. Compliance officers get audit logs and regulatory adherence. Platform engineers enjoy reduced complexity and operational costs.

What pain points do legacy secrets management tools create?

Legacy tools often lead to inefficiencies, high costs, security vulnerabilities, and lack of scalability. Manual credential rotation and scattered secrets increase operational risks and complexity.

How does Akeyless address integration challenges?

Akeyless provides out-of-the-box integrations with popular DevOps tools, simplifying adoption and enabling seamless operations across hybrid and multi-cloud environments.

What is the primary purpose of Akeyless's product?

Akeyless is designed to provide secure, scalable, and efficient solutions for identity security, secrets management, and encryption. It empowers organizations to protect critical systems and data while ensuring compliance and operational efficiency.

When was this page last updated?

This page wast last updated on 12/12/2025 .

Customer Spotlight: Best Practices from Cimpress on Implementing JIT Access at Scale

September 22, 2023
Posted by Joyce Ling

In today’s complex business landscape, managing vast and distributed tech infrastructures is a significant challenge, especially for global companies like Cimpress. With 13 subsidiaries, over 10,000 employees, and more than $2 billion in annual revenue, Cimpress recognizes the necessity of secrets management systems that are both efficient and secure.

Conor Mancone is Principal Application Security Engineer at Cimpress/Vistaprint. One of his critical responsibilities involves managing the secrets management infrastructure, helping meet the company’s demands for flexibility, usability, and reliability.

In this post, we talk about just-in-time access at scale, drawing from a conversation with Conor. We delve into Cimpress’s approach to technology and security, with an emphasis on the principle of Just-in-Time (JIT) Access.

What is Just-in-Time Access in Secrets Management?

Within security and DevOps contexts, JIT access has become increasingly recognized as an essential best practice in secrets management. It revolves around providing temporary permissions or credentials precisely when required, instead of long-term or persistent access. As Conor Mancone explains, JIT means that whether it’s humans, services, or infrastructure, credentials are given only when necessary. This methodology aims to tighten security measures, facilitate transparent access management, and promote more carefully monitored resource access.

Why Implement JIT Access?

The primary reason for implementing JIT access is to protect credentials and improve the security of the company. In our interview, Conor mentioned that security incidents due to leaked credentials are commonplace. Recent research supports this, with 49% of breaches involving stolen access credentials according to Verizon’s 2023 Data Breach Investigations Report (DBIR). JIT access with a secrets manager substantially reduces the risk of stolen access credentials by ensuring credentials are short-lived and provided only when essential. This reduces the window in which these credentials can be exploited.

In addition, JIT access simplifies many aspects of application development. It allows the application itself to fetch credentials when needed, making it easier to run applications locally and reducing the manual process of issuing credentials. Automation is a key benefit, as JIT access automates credential lifecycle management. While switching to JIT access may require some initial effort and training, Conor believes it ultimately saves engineering effort and time.

Teams at Cimpress are not required to adopt a JIT system or a secrets manager—however, Conor has seen a high rate of adoption across the company because of stringent rotation requirements. Manual rotation can be difficult and time-consuming, and JIT access makes it more efficient by automating the process. In addition, the use of Akeyless as a secrets manager has made JIT easy to implement and adopt across the organization.

While it may be comforting to stick with familiar systems, Mancone highlights the benefits and importance of updating security measures to current challenges, keeping organizations a step ahead in their security endeavors.

Benefits of JIT Access in Secrets Management

Conor identifies several critical benefits derived from implementing JIT access:

Reduced Security Risks: By only providing access when required, there’s a diminished likelihood of unauthorized access. Attackers, even if present within the system, face obstacles using the necessary credentials when the window for expiration is short.
Enhanced Infrastructure Safety: JIT’s applicability isn’t confined to just human-machine interactions. Its use in machine-to-machine contexts makes temporary credentials the norm, expiring rapidly if compromised, which enhances overall infrastructure safety.
Decreased Exposure Duration: By their very nature, JIT credentials have a limited life span, narrowing the window for potential misuse and bolstering system resilience.
Streamlined Operations: JIT simplifies administrative tasks for IT teams. Constantly monitoring numerous active credentials becomes redundant, making access management more efficient.

How to Set Up JIT Access: A Dive into the Process at Cimpress

When tasked with managing secure access, the tools and platforms you employ can make all the difference. As previously mentioned, Cimpress uses Akeyless, a SaaS secrets management platform, to harness the power of Just-in-Time (JIT) access. Conor shared some insights into their setup.

In Cimpress’s JIT access strategy, the role of the secrets management system is crucial. The secrets management system had to meet two main criteria: first, to be readily accessible using JIT credentials, and second, to possess the capability to grant JIT credentials for various services within their ecosystem.

With that understanding, here’s a closer look at how Cimpress set the wheels in motion for JIT access:

Identifying Source and Destination Points: As Conor describes, the secret manager isn’t the final destination—it’s the layover for wherever the user wants to go. Accordingly, when setting up JIT access, it’s crucial to pinpoint the starting points — where the access requests originate — and the endpoints. For Cimpress, common starting places are their AWS production infrastructure, Gitlab pipelines, local machines, and on-prem infrastructture.
Creating Seamless Connections Between Source and Destination: Leveraging Akeyless capabilities, you can establish connections using different authentication methods depending on the origin:
- From AWS Production Infrastructure: Utilizes IAM authentication, turning AWS into a trusted third-party identity provider, eliminating the need for any separate Akeyless access credentials within AWS.
- From GitLab Pipelines: Uses JWTs issued by GitLab, which Akeyless recognizes and trusts. By verifying the JWT from a specific GitLab project or repository, access is granted.
- From Local Machines: Employs standard SSL and MFA for connection, ensuring developers don’t need to rely on permanent credentials.
Setting Up Just-in-Time Credentials: Once connected to Akeyless, the system can issue temporary credentials. For instance, if GitLab wants to deploy to AWS, it first connects to Akeyless using a JSON Web Token (JWT). Once you establish that connection, Akeyless issues the necessary temporary AWS credentials. This principle applies across different systems, whether it’s database access or third-party integrations.

In Conor’s words, establishing JIT access is akin to a “rubber stamp, copy and paste” routine. It’s about discerning the source and target, setting up the credentials, and then letting the system handle the rest. “Set up your just-in-time credentials, and then forget about it for all of eternity. Once you get it set up, it’s nice and easy to do.”

What are the Setup Challenges with JIT in Secrets Management?

When introducing a new system, especially one as significant as Just-in-Time access, you might anticipate considerable challenges. However, Conor Mancone’s experience with the process was overwhelmingly positive, thanks largely to the capabilities of Akeyless. Akeyless is the SaaS secrets management platform chosen by Cimpress.

Mancone shared, “A lot of these things I’m talking about, JWT authentication, IAM authentication, AWS producers, database producers—Akeyless already had all these built in. Sure, there’s a learning curve with understanding how Akeyless operates and getting things set up initially. But once you’ve grasped the concept, it’s really straightforward.”

He emphasized the efficiency gains, noting, “I can essentially spend the same amount of time to set up the JIT credentials as it would take me to issue a single credential. Once that’s done, Akeyless automates the entire process. Instead of repeatedly manually issuing a token, I set up the JIT credential once, and Akeyless handles it from there. This is where the engineering time savings becomes evident.”

However, like any technology adoption, it’s not just about the technical setup but also about adapting processes. “You have to plan for this, understand it, and integrate it the first time. But following that initial effort, you can largely forget about it. I’ve had integrations running for over a year that I haven’t had to revisit. They run smoothly without the constant worry about leaked credentials or other maintenance concerns. It’s as close as you can get to a ‘set it and forget it’ approach while maintaining top-notch security. It’s a win-win all around.”

What Tools Are Needed for Implementing JIT?

In the evolving landscape of digital security, implementing Just-in-Time (JIT) access requires robust tools. According to Conor Mancone, while many platforms can theoretically facilitate JIT, they often differ in capability, flexibility, and application.

To start, a secrets manager platform is foundational. “If you’re going to use just-in-time access, you need something to manage those credentials for you,” Mancone pointed out. This is a given. However, what is less understood is that not all systems designated as “secrets managers” are equivalent.

AWS, for instance, is a notable player that has been adapting to the changing security environment. They’ve made considerable efforts to shift away from static credentials, even actively discouraging users from creating them. As Conor observed, “AWS now actually actively discourages you from creating static credentials… they’ve got a giant screen about how creating static credentials is dangerous.” Although AWS provides various flows to access its services without creating static credentials, its primary limitation is its scope. “AWS does have a lot of just-in-time stuff built in. And as long as you’re only using AWS, it’ll be okay. But there’s not many teams that can say ‘all we ever use is AWS,’” stated Mancone.

While there are competitors in the space, they often come with limitations. Mancone shared that the previous provider, HashiCorp Vault, was lacking in automatic credential rotation features. In addition, it faced challenges in scaling within AWS due to infrastructural choices. He elaborated, “It doesn’t scale well when working with databases. It was built in the days when everybody had that one network, and we don’t live in that world anymore.” Consequently, in a multi-cloud environment, tools designed for the old paradigms might face significant integration and operational challenges when attempting to implement JIT access.

Mancone expressed a preference for Akeyless, highlighting its advantages over other solutions. But regardless of one’s tool choice, it’s clear that for a truly secure and streamlined JIT implementation, organizations must opt for tools that are adaptable, comprehensive, and designed with modern infrastructural complexities in mind.

What’s the Impact of JIT Access Implementation at Cimpress?

The adoption of Just-in-Time (JIT) access at Cimpress has yielded significant advantages:

Efficient Access Management: JIT access has significantly lightened the administrative load associated with managing access credentials. As Conor explained, “it’s nice and easy to do” and has relieved IT teams from the tedious task of manually issuing credentials, allowing them to focus on more strategic responsibilities.
Enhanced Security Measures: Implementing JIT access has resulted in heightened security. When organizations provide credentials only when necessary and for a limited duration, the risk of unauthorized access and data breaches becomes reduced. As Conor explained, “I don’t have to worry about credentials being leaked.”
Scalability and Adaptability: JIT access seamlessly scales to meet Cimpress’s evolving needs and its multi-cloud environment, delivering flexibility and versatility. According to Conor, “it’s as close as you can get to set it and forget it and still be secure.”
Operational Cost Savings: Automation inherent in JIT access has led to substantial cost savings in day-to-day operations, a point emphasized by Conor when he mentioned, “instead of having to manually issue a token every time somebody needs it, I can spend just a fraction of that time to set up just-in-time credentials once.”

These outcomes underscore the transformative impact of JIT access on Cimpress’s security and operational efficiency, as it aligns with Conor’s observation: “It’s a win-win all around.”

Conclusion: A Secure and Efficient Future

In the ever-changing realm of technology and security, Cimpress’s embrace of Just-in-Time (JIT) Access, guided by Conor Mancone, Principal Application Security Engineer, exemplifies a transformative approach to secrets security. JIT Access, in collaboration with Akeyless, a SaaS secrets management platform, offers a path to better security and operational efficiency.

This shift from prolonged access permissions to timed credentials significantly reduces security vulnerabilities while simplifying administrative tasks. The advantages of JIT Access extend beyond human interactions, enhancing safety in machine-to-machine contexts with short-lived, precisely timed permissions. Cimpress’s JIT Access journey mirrors a broader shift in the industry towards fortified security and streamlined operations. In a continually changing tech landscape, JIT Access emerges as an innovative approach, aligning security and efficiency seamlessly—a true “win-win all around.”

About Akeyless Vaultless® Secrets Management

Akeyless Security, the company behind the Akeyless Vaultless® Platform, is at the forefront of secure secrets management in the cloud. As showcased by Cimpress’s successful implementation of JIT Access, Akeyless offers a cutting-edge solution that not only enhances security but also simplifies operations. With up to a 70% reduction in costs compared to traditional vaults, Akeyless is designed for modern organizations seeking efficient secrets management. The platform leverages patented technology, Distributed Fragments Cryptology (DFC™), to ensure the highest level of security, distributing secrets across the cloud for unparalleled protection. If you’re ready to transform your security strategy and embrace JIT Access with ease, Akeyless is your trusted partner.

Experience how Dynamic Secrets work in Akeyless 👇

Discover how Akeyless can empower your organization and drive efficiency—schedule a demo today.

Frequently Asked Questions

Implementation & Onboarding