What features does Akeyless offer for secrets management and policy-as-code?

Akeyless provides a comprehensive platform for secrets management, including vaultless architecture, Universal Identity to solve the Secret Zero Problem, Zero Trust Access with granular permissions and Just-in-Time access, automated credential rotation, centralized secrets management, and out-of-the-box integrations with tools like AWS IAM, Azure AD, Jenkins, Kubernetes, and Terraform. The platform also supports policy-as-code approaches, enabling organizations to automate secrets management and embed security policies directly into infrastructure and application deployments.

Does Akeyless support Kubernetes secrets management?

Yes, Akeyless offers dedicated documentation and features for Kubernetes secrets management, allowing organizations to securely manage secrets in Kubernetes environments and automate policy enforcement as part of their deployment pipelines.

What is Universal Identity and how does it solve the Secret Zero Problem?

Universal Identity is a patented Akeyless feature that enables secure authentication for both human and machine identities without storing initial access credentials. This eliminates hardcoded secrets and reduces breach risks, addressing the Secret Zero Problem faced by many organizations.

Does Akeyless provide an API for integration?

Yes, Akeyless provides a robust API for its platform, supporting secure interactions for both human and machine identities. API documentation and guides are available at https://docs.akeyless.io/docs.

What security and compliance certifications does Akeyless hold?

Akeyless is certified for ISO 27001, SOC 2 Type II, PCI DSS, FIPS 140-2, and CSA STAR, demonstrating adherence to international standards for IT security, data protection, and cloud security. These certifications ensure Akeyless meets the needs of regulated industries such as finance, healthcare, and critical infrastructure.

How does Akeyless protect sensitive data?

Akeyless uses patented encryption technologies to secure data both in transit and at rest. The platform enforces Zero Trust Access, granular permissions, and Just-in-Time access to minimize standing privileges and reduce access risks. Audit and reporting tools are provided to track every secret and ensure compliance.

Where can I find more information about Akeyless's security and compliance measures?

Detailed information about Akeyless's security practices, certifications, and compliance measures is available at the Akeyless Trust Center.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, retail, manufacturing, and cloud infrastructure. Organizations looking to centralize secrets management, automate credential rotation, enforce Zero Trust Access, and reduce operational costs can benefit from Akeyless.

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, and cost savings. Case studies show up to 70% savings in maintenance and provisioning time. The platform supports multi-cloud and hybrid environments, improves employee productivity, and helps organizations meet regulatory requirements.

Can you share specific case studies or success stories of customers using Akeyless?

Yes, Akeyless has several published case studies and video testimonials. For example, Constant Contact scaled in a multi-cloud, multi-team environment; Cimpress transitioned from Hashi Vault to Akeyless for enhanced security; Progress saved 70% of maintenance and provisioning time; and Wix adopted Akeyless for centralized secrets management and Zero Trust Access.

What feedback have customers given about the ease of use of Akeyless?

Customers consistently praise Akeyless for its ease of use and seamless integration. For example, Conor Mancone of Cimpress said, 'We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation. All of our software that’s running, it just works — we haven’t really had to think about it since then. It’s been a really smooth, really easy process.'

Where can I find technical documentation for Akeyless?

Akeyless offers comprehensive technical documentation, including platform overviews, password management, Kubernetes secrets management, AWS integration, PKI-as-a-Service, and more. Access all resources at https://docs.akeyless.io/ and https://tutorials.akeyless.io/docs.

How easy is it to implement Akeyless and get started?

Akeyless can be deployed in just a few days thanks to its SaaS-native architecture. For specific use cases, such as deploying the Akeyless Vault platform in OpenShift, setup can be completed in less than 2.5 minutes. The platform offers a self-guided product tour, platform demos, tutorials, and 24/7 support to help users get started quickly.

What customer service and support does Akeyless offer?

Akeyless provides 24/7 customer support, proactive assistance with upgrades, a Slack support channel, extensive technical documentation, and an escalation procedure for urgent issues. Customers can submit tickets via the support page or email support@akeyless.io. For unresolved requests, contact support_escalation@akeyless.io.

What training and technical support is available to help customers adopt Akeyless?

Akeyless offers a self-guided product tour, platform demos, step-by-step tutorials, and comprehensive technical documentation. 24/7 support and a Slack channel are available for troubleshooting and guidance.

How does Akeyless handle maintenance, upgrades, and troubleshooting?

Akeyless provides proactive assistance with upgrades, 24/7 support for maintenance and troubleshooting, and extensive technical documentation and tutorials to help customers maintain and optimize their use of the platform.

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a vaultless architecture, eliminating the need for heavy infrastructure and reducing costs and complexity. Its SaaS-based deployment provides scalability and flexibility for hybrid and multi-cloud environments, with advanced security features like Universal Identity, Zero Trust Access, and automated credential rotation. HashiCorp Vault is self-hosted and requires more operational overhead.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, provides better integration across diverse environments, and offers advanced features like Universal Identity and Zero Trust Access. AWS Secrets Manager is limited to AWS environments. Akeyless also offers significant cost savings with a pay-as-you-go pricing model.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools and reducing operational complexity. It provides advanced security measures like Zero Trust Access and vaultless architecture, which are not commonly found in traditional PAM solutions.

Who are some of Akeyless's customers?

Akeyless is trusted by organizations such as Wix, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, K Health, and Dropbox.

What industries are represented in Akeyless's case studies?

Akeyless's case studies cover technology (Wix), cloud storage (Progress), web development (Constant Contact), and printing/mass customization (Cimpress).

When was this page last updated?

This page wast last updated on 12/12/2025 .

Scaling Secrets Management with Policy-as-Code

Niamh Cahill, WW Sales Engineering Leader, Chef

Solution architect and sales leader with strong experience in design & implementing management solutions for mobile wireless providers, network providers and large enterprise environments.

Hey, everyone. Well, the thing being like being this session between everybody and their break in the cup of coffee, but no pressure. What a great conference, huh? And we have so many great presentations. I’ve really enjoyed all of them. And I think what I’ve enjoyed most is the fact that we all seem to have very common problems. Right? We’re all trying to solve the same issues, but we have different environments and different challenges depending on your vertical in your business.

So, what we’re going to talk about today is essentially how do you really smooth that transition to automate secrets management practically. How do you embed that into your infrastructure’s code deployments and your app deployments? You’re trying to do all these different things. We heard a lot about deploying different applications into multi-cloud, on-prem, data centers, etc. And we’re trying to do all of these different things at once across all of your application portfolios in your relative businesses.

So, let’s talk a little bit about Chef and who we are. So, Chef was founded in 2008. We focused originally on infrastructure as code. What a lot of folks don’t know about Chef is we also have a core functionality around compliance-as-code, and really bringing that functional layer to security and to secrets management in general, and your deployments. We were acquired by Progress last year.

What that has meant is we can really invest in add a lot more functionality to our products and invest in our engineering teams. Also, we see a lot of different customers all around the world. In my role especially, I see lots of different kinds of deployments, different geographies, different requirements and needs, different security standards. But still, there is commonality in those challenges across the board.

So, when we say we’re trying to do all the things and do all of these deployments, what does that mean exactly? Everybody’s application portfolios tend to follow a certain pattern. And you might have legacy applications. You might have a combination of legacy, some SaaS, but then also deploying on to just regular virtual machines, either in the cloud or on-prem in your data center. And you’re really trying to ensure security across all of these stacks. Right?

And so, as you’re deploying change into your environments, really the only way to achieve secrets management and 100% coverage and really securely deliver your deployments is to automate all of this. So, how do you approach automating all of this across all these different tools, application stacks, deployment patterns, etc?

It’s really a challenge. And if you wait until after your deployment, which I think most folks do do some checking checks and balances as part of their pipelines and their deployment pipelines. But if you wait ‘til after the fact, after your deployment to do the balance and the checks, or to validate that you have the correct secrets management policy deployed, you’re going to lack visibility.

You really have to shift that whole process left in order to ensure that it’s consistently deployed. And also, we talked a lot about the human role and the human component, as part of this whole process. And automating and automating secrets management and making it easier, it’s really about making your operations and developers lives easier too. And if you don’t add that big, easy button into this whole process, you’re really not going to get there as consistently or become 100% compliant 100% of the time, which is obviously the Nirvana goal.

So, what is infrastructure as code? I know, a lot of you’ve heard, obviously, of Kubernetes, and application deployments, leveraging containerized workloads, that kind of approach. But overall, infrastructure as code is really about defining the change you want to deliver, whether it’s an application deployments, or an operating system configuration updates, patches, whatever that might be, and codifying it.

And in doing that, what you can do is you can bring automated checks and balances to that deployment code. So, stating what you want to have changed. So, think something as simple as a CloudFormation template. But it could also be a Chef cookbook that you’re delivering to a virtual machine within VMware, for example.

And in doing so, what you can do is you can functionally validate your deployment, and then you can also perform security checks on those. So, is this a change that I want to deliver? Is this update in this change going to actually work as you’re going through that deployment? And is it secure?

So, for example, my secrets management perspective, we’re going to cover an example in a couple of slides, but what should the policy be around the secrets management? No basic authorization, but for example, let’s make sure that we’re including secrets rotation and a policy as part of that deployment that states that I need to integrate with a solution like Akeyless, and you can have that as a check and balance as part of your application deployment and your infrastructure-as-code.

Typically, the changes that we see, you’re either updating your application config, or you’re updating some layer of your operating system or underlying infrastructure. So, if we think about the change in those kinds of categories, so we’ve heard this example, or this kind of example, mentioned a lot today.

So, one of the key takeaways from infrastructure as code as it relates to secrets management is, you don’t want to end up in this scenario. Right? So, this seems so obvious when we’re standing here looking at it and it’s the middle of the day. But when it’s 12 o’clock at night, and you’re finishing up a project, and you commit something inadvertently, it could be to a public GitHub repo, you can easily end up in this situation where you have secrets in GitHub, or something that’s publicly accessible. And this is one example. There are other examples.

But you’ll see that what we’re doing here is we’re actually defining, as code, user account creation in Windows, which is a whole other layer that we could talk about there in terms of authorization and password rotation, etc. But you will be surprised how many examples of this kind of deployment pattern we see at Chef. And it’s definitely a problem that folks across the board have to deal with an ongoing basis.

So, compliance-as-code. What exactly does this mean. So, you want to deploy change into your environment, but you also want to make sure that the change is secure, and that it adheres to your security policy. And that’s where Chef InSpec and the whole concept of compliance-as-code comes into play.

So, what Inspect does is it validates your YAML. It’ll validate the deployments that you’re delivering on an ongoing basis. So, it could be a container build, it could be a Kubernetes update, it could be a new virtual machine, and just really making sure that those configurations are secure. And it’s an extremely flexible language, we’re going to take a look at an example here. And it’s meant to be very legible.

So, basically, it’s bringing that functional and pragmatic level layer of security to all of the other things that you’re doing. And so, these validation checks, what they’ll do is make sure that you’re, for example, not deploying an S3 bucket into AWS and setting it to public. It abstracts away a lot of the complexity of these checks.

In this example, what we’re validating is that my Kubernetes deployment… or update isn’t being deployed with basic authentication turned on. Now, the way that this works, practically speaking, is you would run this check as part of your deployment. If the check fails, the deployment will stop at that point and back around it goes and the update gets fed to your developer or whoever is responsible for helping update those standards. And the goal of compliance-as-code. And this approach is really to make it legible.

So, you may not be a developer. You might be on a security team and know technical stuff, but you may not know Ruby or lower-level languages. The goal here is to make it as human readable as possible, so that somebody who might be in security or in a different team can come in and get up to speed and understand this kind of approach right away.

So, putting it all together, I also heard a talk about you bringing the teams together and making sure that they have a common language and are having conversations and it’s not just one team handing off to the other, but really a collaboration around all of these different all of these different deployments and change that you’re delivering. And really defining what you’re changing as a policy and defining exactly what’s kind of stack and what kind of update you want deployed into your environment, and providing that common language that you all have visibility into, and that you can agree upon.

And it’s not just one team handing off to another in a very binary step. And then you start to break down the silos. Because at the end of the day, when we talk about DevOps and DevSecOps, that’s really the promise of that whole approach is providing that ability to have the teams talk to one another and have that basically holistic approach to all of this.

So, what I’m going to do, I’m going to run through a Kubernetes example. This is an example that one of our very large customers uses and they run this on an ongoing basis. So, the example is really leveraging Chef InSpec to validate the changes that they’re delivering into their Kubernetes environments. And they do this at a number of different levels. So, what we’re going to talk about is essentially updating a container image. And then from left to right, how that deployment occurs and how we automate secrets management through this update workflow.

So, you have a developer. The person is delivering change into a newly built container image. And that is being validated by your Chef InSpec and compliance code down here in the bottom. Some of the things we might check in that scenario are make sure that the application user is not root. For example, just very pragmatic stuff. Let’s make sure that monitoring is turned on for the app. Make sure that the image isn’t built from another image that somebody just happened to download from online, and who knows what’s in it?

So, yeah, there’s a number of different things you can do there. And if any of those checks fail, making sure that that image does not get promoted into your image repository for containers, so Docker, or whatever kind of container runtime you’re using. Also, if you have a policy that you want to enforce around that container, that could potentially be part of the container image itself, you can also perform that kind of check.

So, the second step that we’re going to do in terms of enforcing secret management policy is making sure that, as we’re deploying, we heard a lot about it Zero Trust, and let’s talk about what Zero Trust means in cloud deployments or just programmatic deployments in general. Really, what we’re doing is making sure you have the minimal amount of access and authorization required, and also that it’s access that is short-lived.

So, as part of your deployment pipeline, typically, what we do is we’ll integrate with a solution like Akeyless. And then what we’ll also do from an InSpec perspective is validate that you have the correct secrets management configuration as part of your Kubernetes manifest. There’s a lot of different checks as well, that we can do there.

And so, we’re doing our deployment into Kubernetes, and formed an update. And then finally, on the right-hand side, this is where it comes together with our operations team. Because there’s two sides to this. So, there’s the team creating the change, but then there’s the team who’s on in an ongoing based way, responsible for making sure that your Kubernetes environments are up and running, and also that they’re secure.

That team will also integrate with authorization around secrets management to make sure that the right people are able to log in to view status, etc. And in conjunction with that, we also have Chef InSpec, where essentially, InSpec will sit and watch the Kubernetes configurations, the container images, making sure the right versions of different images are running, and also that the Kubernetes configuration that you’re deploying is still secure. And obviously, the checks that we run depend on how you’re running Kubernetes in this example.

So, you could be running it yourself on your own hosts. But if you’re using a cloud platform, typically what we’ll do is we integrate with that cloud platform API. So, the beauty of Kubernetes is obviously that a Kubernetes deployment is standard, no matter where you’re deploying to. So, that’s very flexible, but then how we’re accessing that information is really, you know, basically comes down to access into the different cloud layers.

So, when you bring that all together, and you’re codifying your deployments, you’re doing, obviously, your vulnerability scanning, for example, over here on the left-hand side, and you add in this really your policy as code and compliance-as-code approach, you really have a very powerful solution to ensure that your developers and the teams that are running your environments really are following the correct policies that they’re leveraging, for example, cert configuration, etc., that are required for your security policy.

So, I don’t know if any of you have heard of Kelsey Hightower. I live in Portland, Oregon. Kelsey is one of my neighbors in town, and he does a lot of talks for Google Cloud on Kubernetes. And he’s a Developer Advocate. But this really struck me as very relevant and poignant and funny because, yes, you can learn a container in a day with Kubernetes. Every time I think I understand all the different layers, there’s something new that comes along.

So, I think the point here is all of our environments are constantly evolving. We have to keep up with all of this in a codified manner. And the more automated and the more that we can smooth the way for all of our teams to be able to adhere to secrets management policies and security policies we’re putting in place, the easier it will be and the faster we can go.

So, really need to build security into your automated processes, preferably into your pipeline. Secrets management is most certainly a core component of DevOps. You really can’t have infrastructure as code without having a solid understanding and approach around secrets management. It’s really fundamental. And then finally, especially when it comes to multi-cloud, obviously when you combine that with infrastructure-as-code, it’s even more important. So, thank you very much, and enjoy the coffee.

Frequently Asked Questions

Features & Capabilities