Secrets Management Archives

Setting up Conjur on OpenShift

Posted on April 18, 2022 (April 20, 2022) by John Walsh

Red Hat OpenShift is a Kubernetes-based platform for container orchestration. OpenShift differentiates itself from Kubernetes through features such as tight…

Installing Conjur in an EKS Kubernetes Cluster Using Rancher

Posted on March 30, 2022 (April 20, 2022) by Staff Writer

By default, Kubernetes uses Base64 encoding to store information such as application credentials, keys, and certificates. Unfortunately, this Base64 encoding…

Conjur Secrets Management in Knative Serverless Functions

Posted on February 28, 2022 (March 16, 2022) by Staff Writer

Knative is the de facto standard for running serverless workloads in Kubernetes. But what do you do when your Knative…

New Red Hat OpenShift Secrets Management Operator for The Conjur (Follower)

Posted on January 31, 2022 (March 31, 2022) by John Walsh

Red Hat OpenShift is one of the most popular and powerful enterprise container orchestration platforms. All container orchestration solutions let…

Low-Code Secrets Management For Beginners

Posted on January 26, 2022 (February 19, 2022) by John Walsh

In recent years, there is a trend toward so-called low-code and no-code platforms. While no-code platforms often appeal to businesses…

Remove Secrets from your Codebase

Posted on December 22, 2021 (January 27, 2022) by Staff Writer

With technology becoming a central part of our daily lives, we need to keep information safe from an equally rapidly…

IoT and Edge Secrets Management with Conjur and K3s

Posted on November 23, 2021 (March 31, 2022) by Staff Writer

Editor’s Note: Please be aware that K3 is not officially supported on Conjur and the contents of this tutorial are…

Why Machine Identity is as Important as User Identity to Infrastructure Security

Posted on October 28, 2021 (November 2, 2021) by John Walsh

Cloud-native applications use resources available to them online, on a public cloud platform, or hosted on-premises. IT teams apply policies…

Three Steps to Avoiding the Secret Zero Trap

Posted on October 21, 2021 (October 28, 2021) by John Walsh

Most secrets management solutions rely on a master key or “secret zero” that can unlock other credentials. The problem is…

Adding Conjur Secrets Management to Your Jenkins Pipeline

Posted on September 27, 2021 (September 27, 2021) by Mark Hurter

The first article in this series discussed the value of integrating Conjur with Jenkins. This article focuses on implementing Conjur…

Keeping Secrets Secure on Kubernetes

Posted on September 16, 2021 (September 22, 2021) by John Walsh

Handling secrets in cloud-native environments is a challenge for many organizations. Virtually any application requires some sort of secret, such…

Why You Need Secrets Management in Your Jenkins Pipeline

Posted on September 10, 2021 (September 27, 2021) by John Walsh

Jenkins is a versatile platform for implementing continuous integration and continuous delivery (CI/CD) processes to develop applications. Using plugins, Jenkins…

Kubernetes secrets management: Build secure apps faster without secrets

Posted on August 27, 2021 (September 22, 2021) by John Walsh

Kubernetes is a popular choice for microservices because it provides scalable, portable, efficient deployment and reduces most DevOps overhead. Generally,…

Secrets Management Deployment Tips & Tricks

Posted on June 27, 2021 (June 30, 2021) by Jeff Griffith

Conjur provides excellent policy and command examples. The Getting Started with Conjur guides and Conjur Documentation should be your first…

Community Perspective: Managing Secrets for Puppet Automation

Posted on May 31, 2021 (June 25, 2021) by Nirmalkumar Dhanaraj

DevOps teams rely heavily on their CI/CD configuration tools to automate processes, accelerate delivery timelines and innovate at high velocity….

DevOps Security: Cloud Secrets Management, from Multi-Cloud to Cloud Agnostic Environments

Posted on May 25, 2021 (June 25, 2021) by John Walsh

Organizations are migrating and deploying new workloads in cloud environments much more rapidly than ever, instead of expanding traditional on-premises…

Learning Secrets Management With Hands-on Interactive Tutorials

Posted on May 21, 2021 (June 25, 2021) by John Walsh

Learning is fun, and the best way to learn is through hands-on exercises. That’s why Conjur provides some tutorials to…

Introducing the Conjur OpenAPI Description

Posted on April 30, 2021 (June 25, 2021) by John O'Donnell

The Conjur REST API is now available as an open-source OpenAPI definition. This effort creates new avenues for API exploration,…

Essentials to Securing Kubernetes Secrets with Secrets Management

Posted on April 4, 2021 (April 9, 2021) by John Walsh

Secret management is essential for ensuring an organization’s cybersecurity. In this era, when users share valuable information with service providers,…

How to Setup Serverless IAM Authenticator with AWS Lambda

Posted on March 22, 2021 (March 31, 2021) by Andrew Copeland

Lambda functions are a great way to build a microservices application without the need to provision or manage servers. You…

Secrets Management RBAC Policy Example

Posted on March 3, 2021 (March 5, 2021) by Jeff Griffith

Conjur controls access to secrets using role-based access control (RBAC). We cover this in detail in Policy Concepts, but, to…

Security Considerations for Data Stream Processing

Posted on February 28, 2021 (April 29, 2021) by Scott Fitzpatrick

In today’s day and age, it’s hard to overstate the importance of data. Every day organizations throughout the world build…

Secrets Management for Hybrid Applications

Posted on February 25, 2021 (March 23, 2021) by Twain Taylor

Keeping secrets safe is quite an important aspect of managing an application. One that is often ignored until it’s too…

Securing OpenShift Secrets

Posted on February 22, 2021 (March 24, 2021) by John Walsh

Almost every application needs to deal with secrets in one way or another, to authenticate with a backend database or…

Secret Zero: Eliminating the Ultimate Secret

Posted on January 29, 2021 (April 28, 2021) by John Walsh

Centralized secrets management addresses important DevOps security attack vectors such as secret sprawl and security islands, but it could help introduce…

Secrets Management with .NET Core

Posted on January 22, 2021 (April 29, 2021) by Mike Mackrory

Since the earliest attempts at application development, programmers have needed to include credentials as part of their application. Connecting an…

Kubernetes Security: Best Practices for Kubernetes Secrets Management

Posted on December 17, 2020 (December 18, 2020) by John Walsh

Kubernetes Security Best Practices for secrets management and authentication

Kubernetes has come a long ways since its inception a few years ago, but Kubernetes security has always lagged behind…

Secure CI/CD Pipelines: Best Practices for Managing CI/CD Secrets

Posted on December 15, 2020 (February 23, 2021) by John Walsh

Keeping your applications and infrastructure secure is a significant concern for most organizations. But you need to balance the inertia…

Application Security: Best Practices for Secrets Management to Protect Applications

Posted on November 29, 2020 (December 19, 2020) by John Walsh

Application Security Overview Good application security (AppSec) prevents unauthorized access and modifications to apps by controlling access to sensitive information…

Security Automation: How Secrets Management Supports Test Automation

Posted on November 25, 2020 (April 29, 2021) by Scott Fitzpatrick

One concept that doesn’t always come to mind when we think of automated application testing is secrets management. That being…

Cloud Native IAM EKS Secrets Management for Kubernetes

Posted on November 16, 2020 (July 6, 2021) by Jody Hunt

Kubernetes is a great orchestration tool for your containerized applications and Amazon’s Elastic Kubernetes Service (EKS) provides an easy way…

Application Security and Machine Learning

Posted on November 13, 2020 (April 29, 2021) by Twain Taylor

Machine Learning and Application Security

Application architecture hasn’t really changed all that much over the last 50 years. While we have gone from client-server to…

Secrets Management Considerations for a Post-Quantum World

Posted on October 30, 2020 (April 29, 2021) by Chris Tozzi

How will quantum computing change secrets management? That seems like a pertinent question to ask, now that Google has claimed…

Puppet Secrets Management: Key Conjur v3 Enhancements

Posted on October 20, 2020 (April 29, 2021) by Srdjan Grubor

After much hard work, our team is pleased to announce the release of our new v3 of CyberArk/Conjur Puppet module…

Stateless Application Secrets

Posted on October 8, 2020 (March 3, 2021) by Vince Power

The technology world has always relied heavily upon applications with some form of state, especially during the previous era of…

Leverage Secrets Management for Effective On-Call Support

Posted on September 25, 2020 (March 2, 2021) by John Walsh

In many ways, on-call duty and secrets management might seem to occupy pretty different parts of the IT universe. When…

Understanding Secrets Management, OAuth, and Single Sign-On (SSO)

Posted on September 17, 2020 (April 29, 2021) by Chris Tozzi

Once upon a time, access management was a simple thing. It focused mostly on making sure that the right users…

Connect to Any API Without Exposing Your Secrets | Secretless Broker

Posted on September 14, 2020 (April 30, 2021) by Jacob Quilty

What is Secretless? Connecting to APIs has become a standard part of application development. As developers, we regularly use APIs…

Enforcement at scale with Admission Controllers with Secrets Management

Posted on August 31, 2020 (July 6, 2021) by Chris Tozzi

The ability to consume external resources “on-the-fly,” is a core capability of cloud-native architecture, one that comes with a prerequisite…

Service-to-Service Authentication in Cloud Applications & Microservices

Posted on August 18, 2020 (July 7, 2021) by Theo Despoudis

It’s not an exaggeration to say that enterprise ready machine identity frameworks are in greater need than before. This is…

Managing Secrets For Concourse CI Pipelines

Posted on July 31, 2020 (July 7, 2021) by Andrew Copeland

One of the most important aspects of today’s cloud infrastructures is secrets management. There are many possible solutions, all of…

AWS IAM Authenticator Tutorial For Conjur Open Source

Posted on June 25, 2020 (June 26, 2020) by Joe Garcia

Applications often need to hold secrets. Connection strings, passwords, certificates, and other credentials are among the information applications may need…

Secrets Management Overview For Developers & DevOps

Posted on June 18, 2020 by John Walsh

Secrets management is a critical problem for developers, especially for teams adopting DevOps practices. Until recently, it was the IT…

Secrets Management Best Practices for Machines and Services to Get Secure Access

Posted on May 20, 2020 (July 7, 2021) by Theo Despoudis

When we talk about Secrets Management and handling secrets, we ought to think about all the users of the system…

Developer’s Guide to Selecting a Secrets Management Solution

Posted on May 12, 2020 (July 7, 2021) by Mike Mackrory

The role of the developer has changed a great deal in recent years. Application architectures now include microservices, distributed systems,…

How to Build Your Secrets Management REST API’s into Postman

Posted on April 22, 2020 (July 7, 2021) by Cordny Nederkoorn

Machine-to-machine communication is very important in today’s business-in-the-cloud. A lot of credentials and secrets are used and shared by non-human…

How to Scan GitHub Repositories for Secrets & Credentials with Open Source

Posted on April 9, 2020 (May 21, 2021) by Swaathi Kakarla

Some GitHub repositories don’t just contain code – they contain passwords, API tokens, and credentials. The worst part? These are…

Managing Secrets Successfully in a Cloud-Native World

Posted on February 5, 2020 (February 10, 2020) by Chris Tozzi

We’re living in a cloud-native world, and the tools and strategies that worked in the pre-cloud era often no longer…

What is Secrets Sprawl & How to Avoid It with Secrets Management

Posted on January 27, 2020 (January 28, 2020) by Chris Tozzi

Secrets sprawl, as the name suggests will grow out of control and become a tangled mess when it is not…

Tutorial: Sharing Credentials Across Multi-cloud with Centralized Secrets Management

Posted on January 7, 2020 (January 10, 2020) by Theo Despoudis

As organizations of all cuts and sizes are migrating to the cloud, there is a need to risk-assess the outcomes…

Tutorial: How I Secured Third-party Mongo API Secrets in My Node.js App Across the Cloud

Posted on December 18, 2019 (December 19, 2019) by Theo Despoudis

Developing modern web applications in the cloud nowadays is more streamlined than ever. This is true because many external vendors…

An Introduction to Creating & Organizing Your First Public Key Store for Microservices With Secrets Management

Posted on December 16, 2019 (December 16, 2019) by Mike Mackrory

Microservices are taking the world by storm, and the movement isn’t showing signs of slowing down any time soon. The…

Building a Comprehensive Monitoring Strategy That Includes Secrets Management

Posted on December 6, 2019 (December 16, 2019) by Mike Mackrory

Over the past decade, software development and information technology operations have become more integrated, spawning a new approach, commonly called…

Four Ways to Keep Kubernetes’ Secrets Secret

Posted on November 18, 2019 (November 26, 2019) by John Walsh

We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled…

JOIN OUR GROWING COMMUNITY