The following are examples of what can be considered secrets:
- usernames
- database passwords
- SSL certificates and keys
- SSH keys
- cloud credentials
Reading this list makes it easy to see why secrets need to be considered carefully and handled correctly.
Some of the related bad practices and risks include:
- hardcoded secrets in the code
- data breach
- password leak
- secrets pushed to a public repository
With practices like lateral movement, a single compromised secret could be enough to compromise an entire environment.
To help prevent these situations and risks, there are tools known as "enterprise secrets managers", and now I'd like to start a series of posts about CyberArk Conjur on this blog.
Conjur removes the need to use secrets directly. It exposes a set of REST APIs, so it is a programmable tool that can be accessed via URL or with open source tools.
Security is enforced through security policies, without slowing down the developers involved.
Overall corporate security can be improved with the use of rotators, which are able to change secret values programmatically.
If other CyberArk software such as PAS Vault is already implemented, Conjur can be integrated using the Synchronizer component, giving the cloud-native infrastructure the usual level of security.
Conjur is available in 2 different versions, enterprise and open source, with some differences in functionality.
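The following added example (not CyberArk's code and not part of the original post) shows the two REST calls an application makes to read a secret at runtime instead of hardcoding it: authenticate for a short-lived access token, then read a variable. The variable name `myapp/db/password` is an assumption, and the connection settings are read from the environment.

```python
import base64
import os
import urllib.request
from urllib.parse import quote


def authn_request(base_url, account, login, api_key):
    """Build the POST that exchanges a login and API key for an access token."""
    # Role ids such as "host/myapp" contain "/", so the login is fully percent-encoded.
    url = (f"{base_url.rstrip('/')}/authn/{quote(account, safe='')}"
           f"/{quote(login, safe='')}/authenticate")
    return urllib.request.Request(url, data=api_key.encode(), method="POST")


def token_header(raw_token):
    """Conjur expects the access token base64-encoded inside a Token header."""
    encoded = base64.b64encode(raw_token).decode("ascii")
    return f'Token token="{encoded}"'


def secret_request(base_url, account, variable_id, raw_token):
    """Build the GET that reads the current value of one variable."""
    # Slashes in the variable path are kept; other reserved characters are encoded.
    url = (f"{base_url.rstrip('/')}/secrets/{quote(account, safe='')}"
           f"/variable/{quote(variable_id)}")
    return urllib.request.Request(
        url, headers={"Authorization": token_header(raw_token)})


def fetch_secret(base_url, account, login, api_key, variable_id):
    """Authenticate, then read the secret; the value only ever lives in memory."""
    with urllib.request.urlopen(
            authn_request(base_url, account, login, api_key), timeout=10) as resp:
        raw_token = resp.read()
    with urllib.request.urlopen(
            secret_request(base_url, account, variable_id, raw_token), timeout=10) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Assumption: the workload's identity is provided through the environment.
    password = fetch_secret(
        os.environ["CONJUR_APPLIANCE_URL"], os.environ["CONJUR_ACCOUNT"],
        os.environ["CONJUR_AUTHN_LOGIN"], os.environ["CONJUR_AUTHN_API_KEY"],
        "myapp/db/password")  # assumed variable id
    print("fetched a secret of length", len(password))
```

The database password never appears in the source tree or the repository; only the workload's own identity is provisioned, and what it may read is decided by Conjur policy.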
In the next posts, I will explain details about architecture, secrets management, and product news.