Virgil Hagenes

1598807340

How to Manage Ansible Secrets With Akeyless Vault

In this article, take a look at an open source tool that helps manage Ansible Secrets.

Ansible is an open-source automation tool that is used for configuration management; in addition to the open-source version, Red Hat also offers the enterprise version, Ansible Tower.

Ansible needs secrets (credentials, passwords, SSH keys) in many places in order to operate. One example is the SSH keys Ansible uses to connect to the nodes addressed in your playbooks; another is the API keys it needs to reach the resources you are configuring.

To avoid plain-text secrets within Ansible playbooks, Ansible offers an internal vault for secrets management called ‘Ansible Vault’. Even with this functionality, it is preferable to use a centralized solution for managing your passwords, keys, and tokens rather than a single-platform vaulting solution, and here is why:

Benefits of Using a Centralized Secrets Management Solution

  • Makes secrets management operationally easier
  • Enables simple compliance
  • Achieves great functionality in terms of security

Instead of talking in generalities, let’s see how it works with Akeyless Vault, a unified secrets management platform that works across all DevOps tools.

Operation-wise — you probably work with more tools besides Ansible, such as Jenkins, Kubernetes, and Chef to name a few, and each of these tools has its own secret manager/vault. This forces you to manage multiple ‘islands of secrets’, which is both cumbersome and risky, and is a scenario you should avoid. A centralized secrets management platform gives clearer visibility and easier management, because all your secrets are created and accessed through a single source.

Functionality-wise — most internal secrets management solutions of DevOps tools, Ansible Vault included, cannot create Just-in-Time (JIT) secrets, i.e. temporary credentials. The idea behind JIT is that a playbook gets on-demand access to a resource through a credential that ‘dies’ once the playbook has completed its run. This is also a crucial capability for a zero-trust implementation.

Security-wise — maintain a least-privilege approach by eliminating long-lived SSH keys altogether and using short-lived SSH certificates instead. Because certificates carry a validity window, they expire automatically, which limits the damage from mistakes, misuse, or theft.

Audit-wise — simply put, the centralized solution enables consolidated audit. Instead of finding/collecting audit trails about secret usage from multiple systems, you can get it from a single source. It saves you precious time and relieves much of the compliance hassle.

#open source #security #tutorial #akeyless vault #ansible secrets


Christa Stehr

1602964260

50+ Useful Kubernetes Tools for 2020 - Part 2

Introduction

Last year, we provided a list of Kubernetes tools that proved so popular we have decided to curate another list of some useful additions for working with the platform—among which are many tools that we personally use here at Caylent. Check out the original tools list here in case you missed it.

According to a recent survey done by Stackrox, the dominance Kubernetes enjoys in the market continues to be reinforced, with 86% of respondents using it for container orchestration.

(State of Kubernetes and Container Security, 2020)

And as you can see below, more and more companies are jumping into containerization for their apps. If you’re among them, here are some tools to aid you going forward as Kubernetes continues its rapid growth.

(State of Kubernetes and Container Security, 2020)


Micheal Block

1604048400

How to Manage Terraform Secrets with Akeyless Vault

Terraform is an “Infrastructure as Code” (IaC) platform by HashiCorp that helps design and deploy virtual or cloud infrastructure using a high-level configuration language. With configuration templates written in the HashiCorp Configuration Language (HCL), Terraform enables building, remodeling, versioning, and reuse of infrastructure components, forming the foundation of a full infrastructure lifecycle.

To maintain security, Terraform supports:

  • Plain text secrets by leveraging native environment variables
  • Encrypted secrets in a key-protected file
  • Integration with a secrets management platform like Akeyless Vault

For enhanced security across Terraform configurations, Akeyless Vault issues on-demand access keys instead of relying on plaintext secrets. Because it can hold secrets for multiple third-party platforms (AWS, GCP, private cloud, etc.) and serve them to a Terraform run, Akeyless acts as a consolidated source for provisioning secrets throughout your infrastructure.

Benefits of Using a Centralized Secrets Management Solution

With a centralized secrets management platform like Akeyless Vault, Terraform secrets are unified and secured further. Embracing such a platform makes it operationally simpler to maintain compliance and generate access usage visibility.

**Operation-wise:** With a secrets management platform like Akeyless Vault, Terraform keeps a single remote source of secrets rather than referencing multiple keys for third-party platforms within a single configuration.

**Audit-wise:** A centralized secrets manager permits a simple, consolidated audit of secrets. Instead of auditing multiple secret repositories, Akeyless acts as the single audit channel for all application secrets, thereby easing audit compliance.

**Functionality-wise:** Like other DevOps tools, Terraform cannot create Just-in-Time (JIT) secrets on its own. With JIT secrets, a user gets on-demand access to a Terraform state’s resources based on their access privileges. To solve this, Akeyless generates dynamic secrets on the fly that expire on their own, supporting a Zero-Trust implementation.

**Security-wise:** Through Akeyless Vault, appropriately scoped and short-lived secrets are generated Just-in-Time, preventing abuse and theft of access privileges.

How to Fetch a Secret with Akeyless Vault in Terraform

The Akeyless Vault leverages the vault provider to provision and fetch secrets on the fly. Let’s proceed with the simple steps involved in fetching secrets from Akeyless Vault into Terraform.

Prerequisites

1- Sign in or create an account with Akeyless (it’s free) by accessing the following URL: https://console.akeyless.io/register
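The text says Akeyless Vault is reached from Terraform through the vault provider. The configuration below is an added example (not from the article or from Akeyless) of fetching a secret that way instead of hard-coding it; the gateway address, the `vault_token` variable and the secret path are placeholders I assume, and the only Akeyless-specific assumption is that its gateway answers the Vault-compatible API at that address.

```hcl
# Added example, not from the article. Assumes an Akeyless gateway exposing
# a Vault-compatible API at the placeholder address below.
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

# The token is supplied at run time (e.g. TF_VAR_vault_token) and never
# committed; `sensitive` keeps it out of plan output.
variable "vault_token" {
  type      = string
  sensitive = true
}

provider "vault" {
  address = "https://VAULT_GATEWAY_PLACEHOLDER:8200" # placeholder address
  token   = var.vault_token
}

# The secret is read during plan/apply rather than stored in the HCL.
data "vault_generic_secret" "db" {
  path = "secret/terraform/db" # placeholder path
}

locals {
  # The data attribute is a map of the secret's key/value pairs.
  db_password = data.vault_generic_secret.db.data["password"]
}

# Expose only evidence that the fetch worked, never the value itself.
output "db_password_length" {
  value = length(local.db_password)
}
```

Values read by a data source still end up in the Terraform state file, so the state backend must be encrypted and access-controlled just like the vault itself.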

#terraform #hashicorp #vault #code #secrets


Securing your secrets using vault in Kubernetes — Part 2

In Part 1 of this series, we learned how to install vault-k8s and enable the Kubernetes auth mechanism. In this tutorial, let’s learn how to automatically inject these secrets into our Kubernetes Deployments/Pods.

I have used Helm to create the manifest files. Helm charts are easier to create, version, share, and publish. Copying and pasting the same manifests across multiple environments can be avoided, and the same charts can be reused by maintaining a different overrides file per environment.

#hashicorp-vault #kubernetes #vault-k8s #vault #kubernetes-secret