BeyondTrust DevOps Secrets Safe v20.3 release expands on the principle of treating applications with the same granular access control and scrutiny as you would human identities by releasing support for Kubernetes Authentication. This provides organizations with enhanced visibility and control over secrets and other privileged credentials used in dynamic environments and DevOps workflows, effectively enhancing DevOps security and meeting compliance targets.
Enterprises have adopted Kubernetes and other cloud-native technologies to increase agility, accelerate software delivery, and support digital transformation goals. Kubernetes has become the preferred orchestration platform for containers, simplifying the work of both developers and operators.
Among the orchestration benefits of Kubernetes is how resources are identified and authorized. This new version of DevOps Secrets Safe includes the capability to allow containers to leverage their Kubernetes service accounts to gain authorized access to secrets. These resources can be granted granular access to sensitive data, creating a complete audit trail of automated container activity within your Kubernetes infrastructure. This Kubernetes integration simplifies the authentication process and reduces the complexities with securely providing secrets to your containers. Leverage this authentication to enable productivity and agility in your DevOps processes, while also keeping a comprehensive audit of all secrets operations.
Other exciting new features in this release include:
Kubernetes Init Container
Application developers struggle to achieve an effective balance between securing their use of sensitive data, while also minimizing reliance on external dependencies. With a DevOps Secrets Safe init container, the specifics for retrieving secrets are abstracted from the application container. This allows app developers to keep their services simple and built-for-purpose, eliminating the need to write direct integrations or rely on insecure methods of accessing secrets.
With a goal to “make infrastructure actionable, scalable, and intelligent”, Puppet automation tools are a valuable asset for any DevOps team. However, it’s critical that these highly automated processes and workflows are enabled in a secure manner. To that end, DevOps Secrets Safe now includes an out-of-the-box native integration that allows automatic retrieval of sensitive data to be used to manage your Puppet orchestrated infrastructure.
Ansible Secret Storage
When deploying and configuring infrastructure, many powerful and privileged accounts can get created. It is imperative to apply security best practices by initializing system and application accounts with unique, complex passwords that are protected by a centralized secure secret store. As an extension of the Ansible native plugin capabilities, secrets can now be generated dynamically and stored securely as part of your Ansible playbooks.
Amazon EKS Deployment
By targeting Kubernetes as a deployment platform, DevOps Secrets Safe helps your organization take advantage of flexible infrastructure choices, from on-prem to managed cloud services. V20.3 now includes support for Amazon Kubernetes services as a certified deployment location, further expanding on our goal of being the easiest and most flexible secrets management solution to deploy.
Duo Two-factor Authentication (2FA)
As with any security solution, enabling two-factor authentication for users is a fundamental best practice. With the release of DevOps Secrets Safe v20.3, admins can now enable Duo 2FA for the users of DevOps Secrets Safe, adding yet another layer of security to the authentication process.
Building on Best-in-Class Secrets Management
BeyondTrust continues to evolve the capabilities of DevOps Secrets Safe and expand the use cases that address the secrets management challenges across the enterprise.
BeyondTrust DevOps Secrets Safe is a standalone offering for centralized secrets administration (create, store, access, and audit) designed for the high volume and dynamic workloads found in DevOps environments. The solution helps organizations to secure credentials and other secrets (passwords, API keys, certificates, etc.) used in their continuous integration and continuous delivery (CI/CD) tool chain, applications, automated processes, and other non-human identities.
DevOps Secrets Safe is designed for enterprise teams committed to DevOps best practices and dedicated to applying secure solutions at every step of the process. The solution’s architecture leverages the full stack of Kubernetes as the DevOps deployment platform of choice. This allows our customers flexibility in deployment to meet their business needs (e.g. their preferred cloud provider or on-prem) and to cost-effectively meet enterprise security and compliance requirements.
Alex Leemon, Sr. Product Marketing Manager
Alex Leemon is a Sr. Product Marketing Manager at BeyondTrust, focusing on Privileged Password & Session Management and PAM for Cloud security solutions. She has over fifteen years of experience working with enterprise-level and Critical Infrastructure organizations solving safety and security challenges. Before joining BeyondTrust, Alex served in various roles related to the development of operational technology (OT) products and the Industrial Internet of Things (IIoT).