DevOps Secrets Safe Performance
DevOps Secrets Safe architecture was designed from inception to provide flexibility and scalability. The system is made up of a series of distributed services deployed as containers using Kubernetes. By its nature, the performance of the system varies greatly depending on the environment it is running in. To provide an idea of the performance that can be expected from the system, a reference deployment was used to gather performance statistics.
Secrets Safe Test Scenario
A test scenario was created using jmeter. Jmeter used 200 threads to simultaneously iterate over a list of users. For each user in the list, an authentication was performed and a secret was retrieved. The test continued iterating over the list of users for a period of ten minutes.
The following data was loaded into DevOps Secrets Safe prior to the execution of the test. After the data was loaded the resulting database was approximately 100 MB in size.
- 20,000 secrets, each 1024 bytes in size
- 1000 local user accounts
- Access to the secrets was granted to each user
All audit, logs, and performance telemetry generated by Secrets Safe during the test are forwarded to an external Elasticsearch instance.
Deployment Environments
DevOps Secrets Safe was tested in both a cloud hosted as well as an on premise virtualized environment.
Azure Environment
The Azure environment consisted of the following resources:
Service | Version | VM Host Specs |
---|---|---|
Azure Kubernetes | 1.14.8 |
|
Azure Database for PostgreSQL | 11 |
|
Using this configuration DevOps Secrets Safe can handle approximately 270 incoming secret requests per second or approximately 170,000 requests over a 10 minute period.
On-Premises ESXi Environment
The on-premises environment consisted of the following resources:
Service | Version | VM Host Specs |
---|---|---|
Kubernetes cluster | 1.15.5 |
|
PostgreSQL | 10.10 |
|
Using this configuration DevOps Secrets Safe can handle approximately 270 incoming secret request per second or approximately 170,000 request over a 10 minute period.
Audit Volume
Action | Number of Audit Events |
---|---|
User Authentication | 3 |
Secret Reterival | 3 |
Full Performance test | ~500,000 (325 MB in Elasticsearch) |
Conclusions
The performance of DevOps Secrets Safe’s reference deployment should be enough for most small to medium-sized customers. For larger customers, some further horizontal scaling may be required. Due to DevOps Secrets Safe's underlying architecture, this is easily achievable by adding additional Kubernetes nodes and increasing the number of replicas for the appropriate services.