DevOps and the art of keeping secrets

by SatyaDev Addeppally
3 years ago
in Agile & DevOps, DevOps

A Forrester study showed that as many as 57% of IT security and business leaders experienced a security incident related to exposed secrets from insecure DevOps processes, and 71% of respondents wanted to centralize automated secrets management solutions into tools that developers can directly use.

DevOps services encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy.

Enterprises want fast results. They need to make coding easier and faster, and to that end some corners may be cut, often at the cost of security. One example is the hard-coding of credentials and passwords, which makes coding easier and faster at the cost of healthy secrets management.

What are secrets in DevOps?

Secrets in DevOps are essentially digital credentials such as usernames and passwords, SSH keys, encryption keys, or API tokens. These digital identifiers, if mismanaged, can result in data breaches and intellectual property theft.

As organizations move to cloud-based development environments, privileged secrets are shared across business ecosystems using automation tools. While this accelerates the pace and agility of computing environments, new security gaps are opened at the interconnections of these systems.

If adequate care is not taken, developers can accidentally leak confidential information, such as API tokens or cryptographic keys, on code repositories such as GitHub. In a report from a few years ago, a scan of billions of files from 13% of GitHub’s public repositories over six months revealed that over 100,000 repos had leaked API tokens and cryptographic keys, with thousands of new repositories leaking new secrets daily.

The problem is not limited to code repositories; it is an overall lack of security hygiene, especially around the secrets that are key to the entire project. There is a risk of secrets sprawl and blind spots, where too many developers have privileged access to key secrets, and/or the DevOps team does not know who has that privileged access.

The solution is to use user-friendly, inexpensive, and well-integrated secrets management tools – which, currently, are used by only 5% of Forrester respondents.

Best Practices to Manage Secrets in DevOps

  1. Using the right tools

First of all, use a secrets management automation tool. All major cloud service providers (CSPs) provide secret storage in their environments: for example, Azure has Key Vault, AWS has Secrets Manager, and GCP has Secret Manager. Your secrets management tool should function as an extension of your Privileged Access Management (PAM). Ensure the tool is centrally managed and that developers cannot opt out. Make it as low-effort as possible.

  2. Leverage automation for convenience and safety

Instead of using hard-coded credentials in a particular application code base, secret management within the CSP's environment allows you to call on the required credentials through an API, which gives convenient access to the credentials wherever necessary. There is no risk of loss or corruption of these credentials, as they are maintained and stored within the CSP under its security and encryption protocols, placing the responsibility for their safe storage with the CSP.
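The hard-coded pattern next to the API-based retrieval described above, as an added example that is not code from the original article or from CloudNow. It assumes a client whose `get_secret_value(SecretId=...)` call returns a dict with `"SecretString"`, which is the shape of the boto3 Secrets Manager client; `SecretCache`, `FakeSecretsClient` and the secret name are hypothetical.

```python
import time

# Before: the pattern the article warns against. Anyone with read access to
# the repository or its history gets the credential.
# DB_PASSWORD = "hard-coded-value"

class SecretCache:
    """Fetch secrets by name through the secrets-manager API, cached briefly.

    A short TTL keeps API calls down while still picking up rotated values.
    """

    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache = {}  # name -> (expires_at, value)

    def get(self, name):
        entry = self._cache.get(name)
        if entry and entry[0] > self._clock():
            return entry[1]
        value = self._client.get_secret_value(SecretId=name)["SecretString"]
        self._cache[name] = (self._clock() + self._ttl, value)
        return value


class FakeSecretsClient:
    """Constructed stand-in for the cloud client so the example runs offline."""

    def __init__(self, store):
        self.store = store
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"SecretString": self.store[SecretId]}


if __name__ == "__main__":
    # Against AWS, the client would be boto3.client("secretsmanager").
    client = FakeSecretsClient({"prod/db/password": "constructed-value"})
    secrets = SecretCache(client, ttl_seconds=60)
    secrets.get("prod/db/password")
    secrets.get("prod/db/password")
    print("backend calls:", client.calls)
```

The application holds only the secret's name; access to the value is governed by the identity the workload runs as, so it can be granted, audited and revoked centrally.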

The team at CloudNow has carried out SecDevOps work on several of its projects. Call our DevOps experts to find out how this can benefit your next development effort.

SatyaDev Addeppally

Enterprising leader with an analytical bent of mind offering a proven history of success by supervising, planning & managing multifaceted projects & complex dependencies; chronicled success with 22 years of extensive experience including international experience.
