CyberArk Launches Open Source Secrets Management Solution for DevOps

September 6, 2017

Developers Can Rapidly Deploy Applications and Services While Reducing Cyber Risk Throughout the DevOps Pipeline

NEWTON, Mass. and PETACH TIKVA, Israel – September 6, 2017 – CyberArk (NASDAQ: CYBR), the undisputed leader in Privileged Account Security and company that protects organizations from cyber attacks across the enterprise, into the cloud and throughout the DevOps pipeline, today announced the availability of an open source version of CyberArk Conjur. CyberArk Conjur enables DevOps teams to automatically secure and manage secrets used by machines and users to protect containerized and cloud-native applications across the DevOps pipeline.

With increased DevOps adoption comes an expanding attack surface with an exponential set of secrets that insiders and malicious external threat actors can misuse, target and exploit. With CyberArk Conjur, DevOps teams gain the simplicity they need to incorporate security best practices into workflows. Secrets management is easily embedded into the CI/CD process through certified integrations with leading developer toolsets. The open source version of CyberArk Conjur is now available for download from  and GitHub.

“Developers tend to believe that security in development slows them down. Continuous Integration, DevOps practices and automation improves agility, but also introduces security risks, such as storing secrets in source code repositories or leaving credentials sitting around on disk,” said Adrian Lane, CTO, Securosis. “DevOps does not mean we need to capitulate on build security; quite the contrary. We need to automate secrets management into the process as well, and create an audit trail to prove we’re delivering code and services securely.”

CyberArk Conjur is the only platform-independent secrets management solution specifically architected for securing containers and microservices. It can be deployed to any cloud or on-premises environment and supports massive scale. This solution allows DevOps teams to integrate security best practices into their cloud-native application development projects with ease, while giving security teams assurance that security and compliance best practices are being applied to these dynamic environments, without creating new security silos.

“JFrog uses CyberArk Conjur to secure our cloud infrastructure in order to build and deliver DevOps software like Artifactory and Bintray,” said Yoav Landman, co-founder and CTO, JFrog. “JFrog and open source go way back to when we launched the company in 2008 through today where we are providing free repositories and distribution services to millions of open source developers. As a customer, we are pleased to see that CyberArk is making a high quality open source version of Conjur available to the community.”

Expanding Use of Open Source and the Path to More Secure DevOps Adoption

According to 451 Research, there is a clear and quantitative relationship between adoption of open-source software and DevOps success. However, there is a gap in the tools available via the open source community to secure applications leveraging new architectures based on containers and microservices. Many of these tools are exceedingly complex to deploy and create unmanaged security islands. As the market leader and innovator in Privileged Account Security, CyberArk is uniquely qualified to contribute to better security tooling that sets a new industry standard for secrets management, enabling customers to move to a DevOps delivery model that reduces risk without impacting velocity.

“Companies embracing digital transformation are adopting DevOps methodologies and the cloud to bring new services to market at velocity, and open source and community-driven development has become the dominant paradigm,” said Elizabeth Lawler, vice president, DevOps security, CyberArk. “Conjur has benefited and contributed to the open source community throughout its history, so making Conjur available via open source is an opportunity for CyberArk to share its expertise for the betterment of cybersecurity globally.”

CyberArk Conjur enables organizations, regardless of where they are in their DevOps journey, to integrate secrets management and machine identity security into their projects with minimal effort. For customers that require enterprise features or integration with the CyberArk Privileged Account Security Solution, CyberArk offers a seamless upgrade path from the open source version to CyberArk Conjur Enterprise.

Key Resources and Actions:

Additionally, CyberArk’s Elizabeth Lawler is delivering a keynote, “This (DevOps) Changes Everything. Or Not?,” at DevSecCon Boston, September 12, 2017 at 9:30 a.m. EDT.

About CyberArk                                                                                                       

CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including more than 50 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit, read the CyberArk blog, or follow on Twitter via @CyberArk, LinkedIn or Facebook.

# # #

Copyright © 2017 CyberArk Software. All Rights Reserved.  All other brand names, product names, or trademarks belong to their respective holders.