Certificate-based authentication and TTL for all cloud platforms
Sara Shuman
DevOps is a world of machines. To access systems and data, secrets are exchanged between all types of machines, including databases and applications for software and infrastructure deployment, testing, orchestration, configuration, and Robotic Process Automation (RPA).
The speed and scale of DevOps require secrets to be created instantly, tracked incessantly, and eliminated when no longer needed. The latest enhancements to DevOps Secrets Vault make Secret management even faster and easier.
Certificate-based authentication for machines
With this latest release, you can use certificate-based authentication for enhanced security and easier Secret management. Digital certificates will identify a machine in the DevOps workflow before granting access to a resource, network, or application.
Unlike authentication solutions designed for people, such as biometrics and one-time passwords (OTP), certificates are purpose-built for machines like those used in the CI/CD pipeline. Certificates are stored locally and securely, which alleviates the headache of managing passwords and distributing, replacing, and revoking tokens.
Time-to-Live (TTL) eliminates standing secrets
“The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high,” Gartner warned in their report Remove Standing Privileges Through a Just-in-Time PAM Approach. Their recommendation was to implement a “standing privileges strategy through a just-in-time model.”
DevOps Secrets Vault has long supported time-bound, automatically expiring secrets for AWS and Azure. Our latest release extends this capability to the Google Cloud Platform. Now, no matter which cloud platform you prefer you can set a pre-determined time for secrets to expire automatically. Even if these ephemeral secrets are leaked, any would-be attacker is limited in what they can do and has a limited window in which to do it.
Try the latest enhancements to DevOps Secrets Vault
We’re excited for you to try the latest version of DevOps Secrets Vault, free for 30 days.
Manage DevOps secrets safely