Sign Up Schedule a Demo Login

AKEYLESS Blog

Secrets Management for DevOps:
Best Practices

The Current State of Secrets Sprawl Leads to Inefficiency

The combination of proliferation and decentralization of secrets, widely familiar to any DevOps team, creates an operational burden, not to say a nightmare. Having the same passwords in your multiple Ansible jobs, your Kubernetes containers, or in the daily batch routine you’re coding, requires a considerable effort when these passwords need to be rotated.

Since secrets are located in various environments (cloud, on-prem, hybrid) and managed by different administrators, such as Island of Secrets, Ansible Secrets, Docker Secrets and Kubernetes Secrets, to name a few, no unified control pane is available for the management of the multiple secrets repositories. 

For organizations that operate in both a cloud-native environment and a classic IT infrastructure, a duplication issue is created due to having their own secrets managed with different tools and a cloud-native solutions. Last but definitely not least, there is a security concern – how can cloud-native systems securely access resources that are external to their environment. 

8 Things to Look for When Choosing a Secrets Management Solution

  • A single, unified SaaS platform for various use cases

Support for all types of secrets, machine and human, such as: Encryption keys, API-keys, Tokens, Passwords, SSH keys, x.509 certificates, Signing keys

  • Works in hybrid, multi-cloud, multi-region environments

Allows seamless cross-platform, cross-environment workflows to solve the ‘closed garden’ operational block

  • Plugins to every DevOps tool

Common cloud platforms such as Kubernetes, Docker, Jenkins, Terraform, Ansible, and others

  • Works via CLI, UI, REST API, SDK

Allows authentication via third-party Identity Providers while could workload platforms provision secrets

  • Solves the Secret-Zero problem 

Providing inherited identity derived from the parent system together with an ephemeral token for continuous authentication

  • Visibility into who accesses what secret, when and where

A robust analytics dashboard to create real-time audit logs for individual accountability

  • Enforced least privileges for both machines and humans

Both users and application are allowed access on a need-to-know, just-in-time basis – specified access for a specified duration

  • A Solution that supports your future scale

As your operation expands to more environments and regions, scalable integration capabilities with support for a wide variety of plugins  

Existing Secret Management Solutions

On-prem: Thycotic Secret Server, Hashicorp Vault, CyberArk Conjur

With on-prem solutions, the burden of deployment and ongoing operations falls on the user since some of these solutions are OSS tools that integrate with only a limited number of platforms, and require a great deal of effort to support future scale. Additionally, on-prem solutions cover a small number of use cases. Lastly, there is no support, unless you opt for a pricy, enterprise solution. 

SaaS: AWS Secrets Management, Azure Key Vault, GCP Secret Manager

With CSP-based solutions there isn’t solid support for multi-cloud and hybrid environments, not to mention multi-region that requires to replicate objects, secrets and keys by the user. Additionally, there is a significant lack of support for integration with third-party platforms, such as identity providers and container platforms. Last, there is no solution for the issue of identification beyond the specific environment of the CPS provider.

AKEYLESS Vault – The Secrets Management Solution Tailored for DevOps

Changing the secrets game by offering unified management across hybrid and multi-cloud environments that supports workflows and future scale.

To see AKEYLESS in action Schedule a Demo

Recent Posts

March 27, 2020

AKEYLESS Wins Next Gen Secrets Management Award

May 04, 2020

Integrate Secrets Management into DevOps Workflow

May 04, 2020

Secrets Management for DevOps:
Best Practices

May 17, 2020

Eliminating SSH Keys is Possible

May 31, 2020

Secrets Management “Done Right” Improves Your DevOps KPIs

June 22, 2020

Just-in-time Access Done Right

July 22, 2020

An Absolute AppSec Episode with AKEYLESS

August 03, 2020

Better Protect Your Kubernetes Secrets and Privileged Access

AKEYLESS named Double Winner
in Cyber Defense Magazine
InfoSec Awards 2020!

Market Leader
Keys Management and Protection
Next Gen
Secrets Management and Protection
Learn About Our Solution