Tuesday, July 19, 2022

Cyberark Conjur - why you (probably) need an enterprise secrets manager

Security is always a complex topic to address because an error or omission in the processes can lead to serious economic or brand reputation damage for a company.

As secrets we could consider the following examples:
  • usernames
  • database passwords
  • SSL certificates and keys
  • SSH Keys
  • cloud credentials 

reading the list of what could be considered a secret could easily explain why this topic needs to be considered and handled in the correct way.

Some of the bad practices or risk related could include:
  • hardcoded secrets in the code
  • data-breach
  • password leak
  • secrets pushed in public repository
with practice like lateral movement, only one secret compromised could be enough to compromise an environment. 

To help and prevent bad situations and risks there are tools named "enterprise secrets manager" and now I'd like to start a series of posts about  Cyberark Conjur on this blog.

Conjur permits getting rid of the direct use of the secrets and using a set of API rest is a programmable tool and could be accessed using URL or open source tools. 
The security is granted through security policies without slowing the speed of the developers involved.

The whole corporate security could be improved with the use of rotators that are able to programmatically change secrets value. 

In case other Cyberark software like Pas Vault Conjur is already implemented, Conjur could be integrated using the Synchroniser component giving the usual level of security to the Cloud native infrastructure.


Conjur it's available in 2 different versions, enterprise and opensource with some different functionality.

During the next posts, I will explain details about architecture, secrets management, and product news . 


No comments:

Post a Comment