Cloud service providers offer APIs that enable DevOps engineers to automate the management of their infrastructure. However, the accounts used to access these APIs are highly privileged, making them a primary target for attackers. Automated workflows typically only need a short window of access to accomplish a specific task, and the persistence of privileged accounts outside of this window represents an unnecessary risk of credential misuse or theft.
DevOps Secrets Safe dynamically generates API accounts under a just-in-time model for privileged access. The solution creates and removes these accounts as needed, which eliminates the need for persistent accounts and significantly shrinks the window of credential exposure. By automatically brokering access to cloud environments through DevOps Secrets Safe, organizations can significantly reduce the security footprint of their automated workflows while simplifying access controls for their cloud infrastructure.
In this release, BeyondTrust has also introduced built-in time-based one-time password (TOTP) support, with a native two-factor authentication workflow for all DevOps Secrets Safe users. This functionality is essential to ensure every account is protected. A Kubernetes Sidecar is also included in 20.4, which enables DevOps Secrets Safe to retrieve secrets on behalf of application containers at a defined interval, keeping them up to date with the latest available secret.
“Organizations are increasingly leveraging dynamic cloud-based infrastructure and require strong security around secrets and privileged accounts for managing ever-changing cloud assets,” states Dan DeRosa, Chief Product Officer at BeyondTrust. “DevOps Secrets Safe provides the risk protection they need for their highly privileged accounts. BeyondTrust continues to enable our customers’ migration to the cloud and the adoption of new technology stacks, like the DevOps ecosystem of third-party and open-source tools.”
Industry analysts recommend securing these privileged accounts with a centralized secrets management solution that is purpose-built for security, but doesn’t introduce friction into automated processes, keeping DevOps as agile as possible. This approach helps to reduce the risk of exposure, without slowing down the application delivery process.
DevOps Secrets Safe is a highly scalable and highly available solution that provides centralized storage, retrieval, and audit of secrets and credentials. It eliminates the need to embed or hardcode passwords or other secrets within code or scripts. Its unique architecture is built on Docker containers targeting Kubernetes for deployment, which facilitates rapid deployment and fast time-to-value.
DevOps Secrets Safe offers the following:
- Securely store and centrally manage credentials and secrets (e.g., passwords, API keys, certificates) for DevOps workflows
- Scalable and highly available: DevOps Secrets Safe is built on a modern architecture to facilitate rapid deployment and high availability out of the box
- The REST API-first approach supports integration with CI, CD, and CLI tools for easy and agile interaction
- Securely broker access to cloud environments and audit every action