{"id":3237,"date":"2022-01-19T14:42:08","date_gmt":"2022-01-19T09:12:08","guid":{"rendered":"https:\/\/www.cloudnowtech.com\/blog\/?p=3237"},"modified":"2022-02-04T15:36:26","modified_gmt":"2022-02-04T10:06:26","slug":"devops-and-the-art-of-keeping-secrets","status":"publish","type":"post","link":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/","title":{"rendered":"DevOps and the art of keeping secrets"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">A <\/span><a href=\"https:\/\/www.centrify.com\/resources\/analyst-reports\/2021-forrester-survey-report-highlights-devops-security-risks-solutions\/\"><span style=\"font-weight: 400;\">Forrester<\/span><\/a><span style=\"font-weight: 400;\"> study showed that as many as 57% of IT security and business leaders experienced a security incident related to exposed secrets from insecure <a href=\"https:\/\/www.cloudnowtech.com\/devops-services.html\">DevOps<\/a> processes, and 71% of respondents wanted to centralize automated secrets management solutions into tools that developers can directly use.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/www.cloudnowtech.com\/devops-services.html\">DevOps services<\/a> encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Enterprises want fast results. They need to make coding easier and faster, and towards this, some corners may be cut &#8211; often at the cost of security. 
One example is the hard-coding of credentials\/passwords, which can make coding easier and faster at the cost of healthy secrets management.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">What are secrets in DevOps?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Secrets in DevOps are essentially digital credentials such as usernames and passwords, SSH keys, encryption keys, or <a href=\"https:\/\/www.cloudnowtech.com\/blog\/apis-the-building-blocks-of-modern-technologies-and-businesses\/\">API tokens<\/a>. These digital identifiers, if mismanaged, can result in data breaches and intellectual property theft.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As organizations move to <a href=\"https:\/\/www.cloudnowtech.com\/blog\/why-you-need-to-future-proof-your-enterprise-with-hybrid-cloud-computing\/\">cloud-based development environments<\/a>, privileged secrets are shared across business ecosystems using automation tools. While this accelerates the pace and agility of computing environments, new security gaps are opened at the interconnections of these systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If adequate care is not taken, developers can accidentally leak confidential information, such as API tokens or cryptographic keys, on code repositories such as GitHub. In a <\/span><a href=\"https:\/\/www.zdnet.com\/article\/over-100000-github-repos-have-leaked-api-or-cryptographic-keys\/\"><span style=\"font-weight: 400;\">report<\/span><\/a><span style=\"font-weight: 400;\"> from a few years ago, a scan of billions of files from 13% of GitHub\u2019s public repositories over six months revealed that over 100,000 repos had leaked API tokens and cryptographic keys, with thousands of new repositories leaking new secrets daily.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The problem is not limited to code repositories; it is an overall lack of security hygiene, especially when it comes to secrets, which are key to the entire project. 
There is a risk of secrets sprawl and blind spots, where too many developers have privileged access to key secrets, and\/or the DevOps team is not aware of who has that privileged access.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The solution is to use user-friendly, inexpensive, and well-integrated secrets management tools &#8211; which, currently, are used by only 5% of Forrester respondents.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Best Practices to Manage Secrets in DevOps<\/span><\/h3>\n<ol>\n<li><b> Using the right tools<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">First of all, use a secrets management automation tool. All major cloud service providers (CSPs) provide secret storage in their environments: for example, Azure has Key Vault, AWS has AWS Secrets Manager, and <a href=\"https:\/\/www.cloudnowtech.com\/gcp-managed-services.html\">GCP<\/a> has Secret Manager. Your secrets management tool should function as an extension of your Privileged Access Management (PAM). Ensure that the tool is centrally managed and that developers cannot opt out! Make it as low-effort as possible.<\/span><\/p>\n<ol start=\"2\">\n<li><b> Leverage automation for convenience and safety<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Instead of using hard-coded credentials in a particular application code base, secrets management within the CSP\u2019s environment allows you to retrieve the required credentials through an API, giving convenient access to them wherever necessary. There is no risk of loss or corruption of these credentials, as they are maintained and stored within the CSP following its security and encryption protocols, which places the responsibility for their safe storage with the CSP.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">The team at CloudNow has carried out SecDevOps work on several of its projects. 
<a href=\"https:\/\/www.cloudnowtech.com\/contact-us.html\">Call our DevOps experts <\/a>to find out how this can benefit your next development effort.\u00a0<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Forrester study showed that as many as 57% of IT security and business leaders experienced a security incident related to exposed secrets from insecure DevOps processes, and 71% of respondents wanted to centralize automated secrets management solutions into tools that developers can directly use. DevOps services encourage automation in order to achieve scale, but [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":3238,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[278,36],"tags":[127,131,133,325],"class_list":["post-3237","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-agile-devops","category-devops","tag-devops","tag-devops-practices","tag-devops-services","tag-it-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>DevOps and the art of keeping secrets - Discover Better Value Faster<\/title>\n<meta name=\"description\" content=\"DevOps practices encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy. 
Here are a few best practices for secure secrets management in DevOps\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DevOps and the art of keeping secrets - Discover Better Value Faster\" \/>\n<meta property=\"og:description\" content=\"DevOps practices encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy. Here are a few best practices for secure secrets management in DevOps\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/\" \/>\n<meta property=\"og:site_name\" content=\"Discover Better Value Faster\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-19T09:12:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-04T10:06:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&#038;ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1141\" \/>\n\t<meta property=\"og:image:height\" content=\"761\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SatyaDev Addeppally\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#website\",\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/\",\"name\":\"Discover Better Value Faster\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cloudnowtech.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&ssl=1\",\"contentUrl\":\"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&ssl=1\",\"width\":1141,\"height\":761,\"caption\":\"DevOps and the art of keeping secrets\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#webpage\",\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/\",\"name\":\"DevOps and the art of keeping secrets - Discover Better Value Faster\",\"isPartOf\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#primaryimage\"},\"datePublished\":\"2022-01-19T09:12:08+00:00\",\"dateModified\":\"2022-02-04T10:06:26+00:00\",\"author\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/2e76f56977117c409772392b0ced58c6\"},\"description\":\"DevOps practices encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and 
process-heavy. Here are a few best practices for secure secrets management in DevOps\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cloudnowtech.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DevOps and the art of keeping secrets\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/2e76f56977117c409772392b0ced58c6\",\"name\":\"SatyaDev Addeppally\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudnowtech.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2021\/11\/sathyadev-96x96.jpg\",\"contentUrl\":\"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2021\/11\/sathyadev-96x96.jpg\",\"caption\":\"SatyaDev Addeppally\"},\"description\":\"Enterprising leader with an analytical bent of mind offering a proven history of success by supervising, planning &amp; managing multifaceted projects &amp; complex dependencies; chronicled success with 22 years of extensive experience including international experience.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/satyadevaddepally\/\"],\"url\":\"https:\/\/www.cloudnowtech.com\/blog\/author\/satyadev-a\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DevOps and the art of keeping secrets - Discover Better Value Faster","description":"DevOps practices encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy. 
Here are a few best practices for secure secrets management in DevOps","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/","og_locale":"en_US","og_type":"article","og_title":"DevOps and the art of keeping secrets - Discover Better Value Faster","og_description":"DevOps practices encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy. Here are a few best practices for secure secrets management in DevOps","og_url":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/","og_site_name":"Discover Better Value Faster","article_published_time":"2022-01-19T09:12:08+00:00","article_modified_time":"2022-02-04T10:06:26+00:00","og_image":[{"width":1141,"height":761,"url":"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&ssl=1","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"SatyaDev Addeppally","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.cloudnowtech.com\/blog\/#website","url":"https:\/\/www.cloudnowtech.com\/blog\/","name":"Discover Better Value Faster","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cloudnowtech.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#primaryimage","inLanguage":"en-US","url":"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&ssl=1","contentUrl":"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&ssl=1","width":1141,"height":761,"caption":"DevOps and the art of keeping secrets"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#webpage","url":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/","name":"DevOps and the art of keeping secrets - Discover Better Value Faster","isPartOf":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#primaryimage"},"datePublished":"2022-01-19T09:12:08+00:00","dateModified":"2022-02-04T10:06:26+00:00","author":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/2e76f56977117c409772392b0ced58c6"},"description":"DevOps practices encourage automation in order to achieve scale, but security is traditionally manual, gate-driven, and process-heavy. 
Here are a few best practices for secure secrets management in DevOps","breadcrumb":{"@id":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cloudnowtech.com\/blog\/devops-and-the-art-of-keeping-secrets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cloudnowtech.com\/blog\/"},{"@type":"ListItem","position":2,"name":"DevOps and the art of keeping secrets"}]},{"@type":"Person","@id":"https:\/\/www.cloudnowtech.com\/blog\/#\/schema\/person\/2e76f56977117c409772392b0ced58c6","name":"SatyaDev Addeppally","image":{"@type":"ImageObject","@id":"https:\/\/www.cloudnowtech.com\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2021\/11\/sathyadev-96x96.jpg","contentUrl":"https:\/\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2021\/11\/sathyadev-96x96.jpg","caption":"SatyaDev Addeppally"},"description":"Enterprising leader with an analytical bent of mind offering a proven history of success by supervising, planning &amp; managing multifaceted projects &amp; complex dependencies; chronicled success with 22 years of extensive experience including international 
experience.","sameAs":["https:\/\/www.linkedin.com\/in\/satyadevaddepally\/"],"url":"https:\/\/www.cloudnowtech.com\/blog\/author\/satyadev-a\/"}]}},"jetpack_featured_media_url":"https:\/\/i2.wp.com\/www.cloudnowtech.com\/blog\/wp-content\/uploads\/2022\/01\/Blog-77.jpeg?fit=1141%2C761&ssl=1","_links":{"self":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts\/3237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/comments?post=3237"}],"version-history":[{"count":6,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts\/3237\/revisions"}],"predecessor-version":[{"id":3266,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/posts\/3237\/revisions\/3266"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/media\/3238"}],"wp:attachment":[{"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/media?parent=3237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/categories?post=3237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudnowtech.com\/blog\/wp-json\/wp\/v2\/tags?post=3237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}