With the release of v20.4, DevOps Secrets Safe builds on its secrets management capabilities by dynamically generating accounts to access APIs and enable DevOps engineers an automated way of managing cloud infrastructure. By brokering access to cloud environments through DevOps Secrets Safe, organizations can drastically reduce the security footprint of their automated workflows.
Every cloud service provider offers an extensive API that enables DevOps engineers with an automated way of managing their entire infrastructure. The accounts used to access these APIs are considered highly privileged, are primary targets for attackers, and, therefore, should be protected. Industry analysts have recommended securing these accounts with a centralized secrets management solution that can store these sensitive API keys used for access. In v20.4, DevOps Secrets Safe builds on its secrets management capabilities by dynamically generating these API accounts with a just-in-time model for privileged access.
Automated DevOps workflows typically need only a short window of access to accomplish a specific task. The persistence of a privileged account outside of this window represents a vulnerability for your infrastructure and introduces unnecessary risk. Now, your organization can leverage DevOps Secrets Safe to reduce your windows of vulnerability by eliminating persistent privileged access (i.e. standing privileges).
Other exciting new features in this release include:
Native 2FA Support
DevOps Secrets Safe already offered the protection of multi-factor authentication through 3rd-party integrations. In v20.4, we have introduced a built-in, time-based, one-time password (TOTP) 2FA workflow for all DevOps Secrets Safe users. This native 2FA capability ensures that every account can be protected, regardless of type or availability of other external dependencies.
The DevOps Secrets Safe integration with Kubernetes enables service accounts as identities for access to secrets. It also provides a simple init container for interacting directly with DevOps Secrets Safe on behalf of the application container at startup.
In some situations, the secrets provided to an application may need to be updated during the lifecycle of the applications container. For these instances, the BeyondTrust secrets agent container can be defined as a sidecar, retrieving secrets on a defined interval. This keeps your application up-to-date with the latest available secret.
Building on our Enterprise-level Secrets Management Solution
BeyondTrust continues to evolve the capabilities of DevOps Secrets Safe to meet a challenging privileged access management landscape and help customers advance their digital transformation projects.
DevOps Secrets Safe enables centralized secrets administration (create, store, access, and audit) designed for the high-volume and dynamic workloads found in DevOps environments. DevOps Secrets Safe helps organizations to secure credentials and other secrets (passwords, API keys, certificates, etc.) used by applications, automated processes, and other non-human identities in their continuous integration and continuous delivery (CI/CD) tool chain, runtime environments, and other automated processes.
DevOps Secrets Safe is designed for enterprise teams committed to DevOps security best practices and dedicated to applying secure solutions at every step of the process. The solution’s architecture leverages the full stack of Kubernetes as the DevOps deployment platform of choice. This allows our customers flexibility in deployment to meet their business needs (e.g., their preferred cloud provider or on-prem) and to cost-effectively meet enterprise security and compliance requirements.
Learn more here: