The CyberArk Application Identity Manager integrated with Aqua Security provides automated, secure secrets delivery to containerized applications. Secrets that are secured and managed by the CyberArk Enterprise Password Vault are delivered securely into runtime containers as and when needed using the Aqua solution. Secrets are automatically rotated based on an organization’s security policy, without the need to stop or restart the running container.
The integrated CyberArk and Docker solution enables organizations to automatically provision, secure and manage secrets used by containerized applications/services. The joint solution helps ensure secrets are kept out of source control so they are never hard-coded into images. Permissions to retrieve secrets are rigorously controlled, so that only authenticated apps/services are granted access to sensitive resources. Finally, all secrets-related activity is logged for audit purposes.
The integrated CyberArk and Jenkins solution delivers automated secrets protection throughout the DevOps pipeline. Using Jenkins, secrets are automatically provisioned within the CyberArk solution. Further, secrets used by Jenkins are secured and rotated by CyberArk based on an organization’s policy.
The integrated CyberArk and Ansible solution enables secrets-protected configuration processes. This is achieved using Ansible to automatically provision secrets used by machine identities (e.g. applications, containers, micro-services and EC2 instances) within the CyberArk solution for enhanced protection and management. Further, secrets used by Ansible are secured and rotated by the CyberArk solution based on an organization’s policy.
The CyberArk-Chef cookbook enables developers to automatically provision accounts and apply secrets to nodes that are managed by Chef. Secrets used by both users and machines (e.g. cookbooks, Chef recipes) are secured and managed automatically. Further, any access to secrets, SSH logins/logouts and sudo calls are all logged and stored in a tamper-proof audit record vault.