Product Integration Facilitates Enterprise Secrets Management
March 14, 2018 | DevOps | Chris Smith
- Automatically replicate secrets from the CyberArk Enterprise Password Vault to CyberArk Application Access Manager
- Use the CyberArk Enterprise Password Vault to manage and automatically rotate secrets in DevOps environments, based on policies established for the CyberArk Enterprise Password Vault
CyberArk Application Access Manager is a powerful secrets management solution specifically designed for the high velocity and dynamic needs of DevOps environments and CI/CD (Continuous Delivery, Continuous Integration) pipelines in enterprise-class environments. To help ensure the security of DevOps environments, the solution incorporates essential principals including: machine identity, least privilege, role-based access control, as well as segregation of duties for both human and non-human users (e.g., containers, micro-services, scripts and machines).
CyberArk Application Access Manager is also integrated with leading DevOps tools including Ansible, Jenkins, Docker, Chef and Puppet, enabling these tools to access and use secrets and credentials managed by CyberArk Application Access Manager. Secrets and credentials can be consistently managed across DevOps environments regardless of the secrets management capabilities of the native DevOps tools – which can vary significantly and are not always enterprise ready, for example, some are missing rotation and audit capabilities. Importantly, this solution eliminates “islands of security” created when the individual DevOps tools cannot securely share secrets with each other.
The above capabilities don’t require the CyberArk Privileged Account Security Solution or the CyberArk Enterprise Password Vault integration. The capabilities have been available for some time and are used by enterprises to secure their DevOps environments and CI/CD pipelines. Now, the excitement is that, with this integration, customers with the CyberArk Privileged Account Security Solution can extend the capabilities and policies used by the CyberArk Enterprise Password Vault into their DevOps environments.
Key Benefits of the Integration
The CyberArk Application Access Manager integration with the CyberArk Enterprise Password Vault provides several important benefits:
- Organizations get additional value from their investments in the CyberArk Privileged Account Security Solution. For example, CyberArk customers wanting to take advantage of DevOps methodologies can now leverage their technology, policy and other investments in privileged account security solutions to help protect their DevOps environments. With the integration, customers can also use CyberArk Privileged Session Manager for monitoring and isolating sessions in their DevOps environments.
- Enterprises can consistently manage secrets and credentials. The integration enables enterprises to get closer to implementing centralized, policy-based enforcement including rotation and monitoring of secrets across mixed development and compute environments. For example, CyberArk offers the only solution that enables enterprises to establish a single control point to consistently manage secrets across on-premises, hybrid, cloud native and DevOps environments.
- Simplified deployment for developers, security and operations. As with CyberArk Application Access Manager in a stand-alone environment, developers are able to easily meet security requirements by using APIs and code to secure secrets and access credentials without impacting velocity. Now, with the integration, credentials and secrets can be managed and automatically rotated based on policies established within the CyberArk Privileged Account Security Solution. This helps security teams simplify management of DevOps environments as they can leverage the existing tools and policies they are already familiar with. Security functions can focus on the central management of secrets via the CyberArk Enterprise Password Vault, while developers and DevOps teams can work with the native tools/APIs and “as code” capabilities of Conjur. This enables central policy enforcement for DevOps use cases including rotation and monitoring.
The integration also includes a new Synchronizer for replicating secrets from CyberArk Enterprise Password Vault to CyberArk Application Access Manager. Keeping the secrets updated is designed to provide enterprise-class scalability and availability. The CyberArk Enterprise Password Vault and CyberArk Application Access Manager integration currently supports CyberArk Core Privileged Account Security Solutions V9.5 and higher and is currently available as beta with General Availability planned for the end of March 2018. Contact sales for information and access to the beta solution.
To learn more, contact sales, visit CyberArk.com/Conjur or register for our April 11th webinar to learn what’s new in the CyberArk Privileged Account Security Solution v10.2. We’ll also cover the integration of CyberArk Application Access Manager with the CyberArk Enterprise Password Vault.