DEVOPS SECURITY BLOG

Kubernetes has come a long way since its inception. But as the adoption of containerization has grown, Kubernetes security continues…

Applications need secrets to connect to other machines and services – API keys, SSH keys, session tokens, database connection strings…the…

Conjur Open Source is a robust secrets management tool to manage, audit, and control access across multiple platforms. Let’s explore…

The Ansible Tower integration with CyberArk Conjur allows users and administrators to map sensitive credentials (like passwords, SSH private keys,…

Secrets management assists organizations in authenticating applications and checking clients before allowing them to access sensitive information, systems, and services….

No matter their occupation, nobody likes to do the same set of tasks repetitively — especially when automation is an…

Many organizations are now deploying their containerized applications in Kubernetes clusters to achieve highly available, automatically orchestrated solutions. Often, however,…

The Conjur OpenAPI is a language agnostic API description standard that allows for both human and machine users to investigate…

Red Hat OpenShift is a Kubernetes-based platform for container orchestration. OpenShift differentiates itself from Kubernetes through features such as tight…

By default, Kubernetes uses Base64 encoding to store information such as application credentials, keys, and certificates. Unfortunately, this Base64 encoding…

Knative is the de facto standard for running serverless workloads in Kubernetes. But what do you do when your Knative…

Businesses need to provide flexible access to services that scale efficiently while always protecting customer data. Technologies like microservices and…

Mainstream technology enterprises widely use Kubernetes. It’s an extendable, lightweight, open-source container orchestration platform. This popular platform has an ever-expanding…

Red Hat OpenShift is one of the most popular and powerful enterprise container orchestration platforms.  All container orchestration solutions let…

In recent years, there is a trend toward so-called low-code and no-code platforms. While no-code platforms often appeal to businesses…

In today’s world of cloud environments, deployments often use infrastructure as code (IaC). IaC deployments use a domain-specific language (DSL)…

With technology becoming a central part of our daily lives, we need to keep information safe from an equally rapidly…

Editor’s Note:  Please be aware that K3 is not officially supported on Conjur and the contents of this tutorial are…

Cloud-native applications use resources available to them online, on a public cloud platform, or hosted on-premises. IT teams apply policies…

Most secrets management solutions rely on a master key or “secret zero” that can unlock other credentials. The problem is…

In the first and second articles of this series, we discussed managing the information needed to build and test applications….

The first article in this series discussed the value of integrating Conjur with Jenkins. This article focuses on implementing Conjur…

Handling secrets in cloud-native environments is a challenge for many organizations. Virtually any application requires some sort of secret, such…

Jenkins is a versatile platform for implementing continuous integration and continuous delivery (CI/CD) processes to develop applications. Using plugins, Jenkins…

Kubernetes is a popular choice for microservices because it provides scalable, portable, efficient deployment and reduces most DevOps overhead. Generally,…

Maintaining secrets in a secure way is an important — though often overlooked — aspect of security. DevOps security often…

While you are probably using IAM and CIAM at work and home, you might not know what they are or…

Managing cloud infrastructure isn’t a simple task at the best of times. From initial provisioning and configuration to maintenance and…

Conjur provides excellent policy and command examples. The Getting Started with Conjur guides and Conjur Documentation should be your first…

Secrets Management Policy Management through Java Spring Boot and Conjur The primary task of a secrets management administrator is to…

DevOps teams rely heavily on their CI/CD configuration tools to automate processes, accelerate delivery timelines and innovate at high velocity….

Organizations are migrating and deploying new workloads in cloud environments much more rapidly than ever, instead of expanding traditional on-premises…

Learning is fun, and the best way to learn is through hands-on exercises. That’s why Conjur provides some tutorials to…

The Conjur REST API is now available as an open-source OpenAPI definition. This effort creates new avenues for API exploration,…

The recent SolarWinds breach prompted many organizations to take a hard look at their current cybersecurity practices, and get back…

Secret management is essential for ensuring an organization’s cybersecurity. In this era, when users share valuable information with service providers,…

Lambda functions are a great way to build a microservices application without the need to provision or manage servers. You…

Building a secure AWS environment requires applying security principles and guidelines around the way credentials and sensitive information are shared…

Conjur controls access to secrets using role-based access control (RBAC). We cover this in detail in Policy Concepts, but, to…

In today’s day and age, it’s hard to overstate the importance of data. Every day organizations throughout the world build…

Keeping secrets safe is quite an important aspect of managing an application. One that is often ignored until it’s too…

Almost every application needs to deal with secrets in one way or another, to authenticate with a backend database or…

Centralized secrets management addresses important DevOps security attack vectors such as secret sprawl and security islands, but it could help introduce…

Since the earliest attempts at application development, programmers have needed to include credentials as part of their application. Connecting an…

Since our first release of the Conjur Open Source Suite (OSS) aimed at helping development teams make the most of our secrets management…

Keeping your applications and infrastructure secure is a significant concern for most organizations. But you need to balance the inertia…

The Challenge Secrets – or privileged credentials that act as “keys”– are essential in Kubernetes environments. Kubernetes pods and their…

Software and infrastructure architecture are quickly evolving into cloud environments. With this migration, Infrastructure as Code (IaC) is melding with…

Container security becomes even more important as container adoption increases the attack surface for nefarious hackers seeking to exploit insecure…

Application Security Overview Good application security (AppSec) prevents unauthorized access and modifications to apps by controlling access to sensitive information…

One concept that doesn’t always come to mind when we think of automated application testing is secrets management. That being…

Kubernetes is a great orchestration tool for your containerized applications and Amazon’s Elastic Kubernetes Service (EKS) provides an easy way…

Application architecture hasn’t really changed all that much over the last 50 years. While we have gone from client-server to…

How will quantum computing change secrets management? That seems like a pertinent question to ask, now that Google has claimed…

After much hard work, our team is pleased to announce the release of our new v3 of CyberArk/Conjur Puppet module…

The technology world has always relied heavily upon applications with some form of state, especially during the previous era of…

In many ways, on-call duty and secrets management might seem to occupy pretty different parts of the IT universe. When…

Once upon a time, access management was a simple thing. It focused mostly on making sure that the right users…

What is Secretless? Connecting to APIs has become a standard part of application development. As developers, we regularly use APIs…

The ability to consume external resources “on-the-fly,” is a core capability of cloud-native architecture, one that comes with a prerequisite…

It’s not an exaggeration to say that enterprise ready machine identity frameworks are in greater need than before. This is…

For many organizations, open source software (OSS) has become a must-have tool in their digital transformation toolboxes—what’s more, it’s fundamentally transforming the way software is…

One of the most important aspects of today’s cloud infrastructures is secrets management. There are many possible solutions, all of…

Applications often need to hold secrets. Connection strings, passwords, certificates, and other credentials are among the information applications may need…

Secrets management is a critical problem for developers, especially for teams adopting DevOps practices. Until recently, it was the IT…

Lessons from the Stage Software Development isn’t all drama, but I learned a lot from my time volunteering with various…

Visibility is a key requirement when working with containers and microservices, especially in complex environments where it’s hard to keep…

When we talk about Secrets Management and handling secrets, we ought to think about all the users of the system…

The role of the developer has changed a great deal in recent years. Application architectures now include microservices, distributed systems,…

Machine-to-machine communication is very important in today’s business-in-the-cloud. A lot of credentials and secrets are used and shared by non-human…

Who knew that you could reasonably split logs in bash scripts without sacrificing the UX? I certainly didn’t! At least…

Some GitHub repositories don’t just contain code – they contain passwords, API tokens, and credentials. The worst part? These are…

I would like to take a moment to talk about the exciting work our team has done to improve the…

When you’re building an app that will be deployed in someone else’s environment, building it so that it’s easy to…

The goal of modern applications and services is to provide the best possible experience for our users, in a secure…

Online demos and tutorials are a great way to introduce Kubernetes-native applications to potential users and collaborators. Often, however, these…

Chaos engineering, which aims to make software-based systems as resilient as possible in the face of unexpected error conditions, is…

We’re living in a cloud-native world, and the tools and strategies that worked in the pre-cloud era often no longer…

As online communities grow globally, community platforms like Slack and Discourse play a critical role in managing and improving the…

Secrets sprawl, as the name suggests will grow out of control and become a tangled mess when it is not…

As organizations of all cuts and sizes are migrating to the cloud, there is a need to risk-assess the outcomes…

Developing modern web applications in the cloud nowadays is more streamlined than ever. This is true because many external vendors…

Microservices are taking the world by storm, and the movement isn’t showing signs of slowing down any time soon. The…

Over the past decade, software development and information technology operations have become more integrated, spawning a new approach, commonly called…

We are thankful to have been a part of the four Kubernetes community filled days – five, including the day…

We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled…

We all want our Open Source projects to be clear and simple to contribute to and we may think that…

Admit it, you still write bash. Maybe a lot of bash. We all think we can avoid it, but we…

You are reading this on Conjur.org because you love DevOps, open source, Conjur, or maybe it’s the sound of my…

Ansible is an agentless management tool that can manage provisioning, configuration, and deployment of applications. RedHat acquired Ansible in 2015…

This week we sent some of our team to DevOpsDays Boston. As usual, the real strength of the event were…

When you are developing an application, there are some important things that should not fall into the hands of strangers….

The SSH or Secure Shell protocol has become the industry standard for logging into one computer from another. Engineers use…

CyberArk was happy to be a part of Jenkins World, aka DevOps World, which took place this year in San…

This is an article about washing dishes. This is also an article about DevOps, but mostly it’s about washing dishes….

Over the past decade, my career has evolved from Development to DevOps and most recently to DevSecOps. DevSecOps is the result of organizations…

If you are reading this, you probably got sucked into watching Game of Thrones when it first aired on HBO…

When talking about increasing development velocity for your teams, containers are at the forefront of the conversation on the new…

The Application Developer Access Dilemma As application developers, we need secure access to resources – such as databases, SSH servers,…

In this article, we’re going to talk about the problems surrounding authorization for your AWS account. We’ll define what those…

The DevOps culture shift and the move to continuous integration and deployment have required different tooling and utilities than previous…

Introduction KubeCon is the premiere conference for the Kubernetes and cloud-native communities. Every year it is held jointly with CloudNativeCon,…

It’s not an overstatement that in today’s world, it’s dangerous to expose software services to the public without robust security…

Before the dotcom bubble bust in the early 2000’s, “irrational exuberance” drove stock valuations for internet companies that offered free…

2015 wasn’t very long ago, but when we look at significant events in computing, that was the year that the…

What is Terraform? Terraform is a tool for managing infrastructure as code.  You define your architecture and software setup once,…

The Internet of Things, or IoT, is what allows us to take the power of computing beyond desktops, servers, and…

Back when I first became a programmer, it was a common practice to include database credentials right in the code…

This integration allows Terraform users to leverage Conjur’s advanced non-human access control capabilities such as robust secrets management, tamper resistant…

Scrum Standups: A Refresher Engineers working in teams that use Scrum should be familiar with the format of a daily…

From the very beginning, the original Golang developers had a clear goal – retain the positive attributes of the common…

Kubernetes permissions are built with role-based access controls (RBAC), which open up potential risks and need to be carefully controlled. …

Over the past few years, whether you’re a developer, a system administrator, or a security professional, your world has changed a…

I had the pleasure of recently eating dinner at Kitchen Market, a contemporary fusion restaurant in Tel Aviv’s port Namal….

I was really excited to attend the Cloud Native Computing Foundation’s (CNCF) KubeCon + CloudNativeCon Kubernetes conference in Seattle. I…

A Warning Sign Los Angeles is famous for its complicated parking signs: Sunny totems of rules and exceptions, and exceptions…

The last decade has been an exciting time for the tech industry, with the advent of collaborative business practices like…

Ansible is an excellent tool for automating procedures across multiple machines. To do this, it uses multiple SSH connections to…

At CyberArk, code reviews are a part of daily life. Getting input from peers is essential to maintaining high code…

If your organization has been successful since before containers were a thing, then you probably already have a mix of…

CyberArk is incredibly pleased to announce the beta release of a new open source project, Secretless Broker. Secretless Broker makes…

The Default Method – Configuration By File The default method for configuring your Secretless Broker is to provide it with…

CyberArk Conjur Open Source is now available as a Kubernetes application in the Google Cloud Platform (GCP) Marketplace. The new…

I’ve recently been working with secrets.yml files that point to different secrets for different environments, and I wanted to share…

  The Secret Zero Problem I have talked to a number of security conscious professionals across a wide range of…

With the rise of Go, cross-compiling platform agnostic code has become more accessible than ever. Building a Windows binary of…

Introduction There has been a lot of buzz lately about Go modules, but there is still not much information available…

Fast software is satisfying to use, less costly to operate, and responds better to scale. Yet trying to improve the…

Buzz about Kubernetes is everywhere, and plenty of large organizations have adopted it. But what about smaller organizations? Is the…

If you think you’re hearing about a company getting hacked almost every day, that’s because you’re correct: there were over…

Pulling at a loose thread One day I noticed an inconsistency as I was joining together lists of words. Consider…

  “The great thing about software and servers is they always work as expected.” – Said no one, ever When…

Containerization has taken the technology world by storm. Docker emerged as the de-facto leader in the base technology making it all possible. Because containerization necessitates consistency throughout your infrastructure, even…

Challenge Conjur is built to allow you to control access to your critical systems. This makes Conjur a critical security…

One of the biggest challenges in containerized environments like Kubernetes is the secure distribution of credentials and other secrets needed…

Martin Fowler’s popular article on microservices contains this advice: Going directly to a microservices architecture is risky, so consider building…

This is the sixth and final blog post in a series discussing how high-performing DevOps teams build secure systems at scale….

In the dynamic world of containers there are challenges around providing secrets needed for a containerized workflow without hurting the…

The Conjur team spends a lot of time thinking about security policies. We create them regularly for our own operations…

This is the fifth blog post in a series discussing how high-performing DevOps teams build secure systems at scale. If…

  Configuring servers by hand is a costly and error-prone endeavor that increases in difficulty as the number of servers…

  At their San Francisco Summit today, Amazon released AWS Secrets Manager. It’s a native AWS service that simplifies the…

  If this article is the first time you’re hearing about CyberArk Conjur, you’ll probably want to read some of…

  How would you assess your team’s current cyber security level within your organization? If you’re like most, your team…

  Managing the SSH keys Ansible uses to connect to remote machines can be challenging. Placing keys on the Ansible…

  This is the fourth blog post in a series discussing how high-performing DevOps teams build secure systems at scale….

We are excited to announce the release of a new integration between Conjur and Cloud Foundry (CF). Cloud Foundry users…

  This is the first blog post in a series focusing on DevOps security workflows with Conjur. Check back for…

  What happened at Tesla? Tesla’s Amazon cloud accounts were breached recently by hackers who put the stolen servers to…

  Dr. Frankenstein’s monster is one of the most hated and misunderstood monsters of all time. Frankenstein brought his creation…

  This is the third blog post in a series discussing how high-performing DevOps teams build secure systems at scale….

  This is the second blog post in a series discussing how high-performing DevOps teams build secure systems at scale….

  Even if you’ve never heard of Jenkins, you might be benefiting from it already: many companies and open source…

This is the first installment in a series of blog posts on this topic. Years have passed since the software…

  Our Jenkins cluster had become a paralyzing mass of jobs, executor dependencies, and general complexity, not what you want…

We know it takes a lot to get a secure cloud automation project into production. Every day we are helping…