If you are reading this, you probably got sucked into watching Game of Thrones when it first aired on HBO…
The Sword in the Darkness, the Watcher on the Wall
Tag: DevSecOps
Tutorial: Kubernetes Vulnerability Scanning & Testing With Open Source
Mainstream technology enterprises widely use Kubernetes. It’s an extendable, lightweight, open-source container orchestration platform. This popular platform has an ever-expanding…
IoT and Edge Secrets Management with Conjur and K3s
Editor’s Note: Please be aware that K3 is not officially supported on Conjur and the contents of this tutorial are…
DevSecOps Tutorial: Secrets Management for Jenkins CI/CD Pipelines
Maintaining secrets in a secure way is an important — though often overlooked — aspect of security. DevOps security often…
Secrets Management RBAC Policy Example
Conjur controls access to secrets using role-based access control (RBAC). We cover this in detail in Policy Concepts, but, to…
Securing OpenShift Secrets
Almost every application needs to deal with secrets in one way or another, to authenticate with a backend database or…
Secret Zero: Eliminating the Ultimate Secret
Centralized secrets management addresses important DevOps security attack vectors such as secret sprawl and security islands, but it could help introduce…
Behind the Curtain of Conjur Open Source Suite (OSS) Releases
Since our first release of the Conjur Open Source Suite (OSS) aimed at helping development teams make the most of our secrets management…
Security Automation: Best Practices for Secrets Management in a Configuration-as-Code Environment
Software and infrastructure architecture are quickly evolving into cloud environments. With this migration, Infrastructure as Code (IaC) is melding with…
Application Security: Best Practices for Secrets Management to Protect Applications
Application Security Overview Good application security (AppSec) prevents unauthorized access and modifications to apps by controlling access to sensitive information…
Security Automation: How Secrets Management Supports Test Automation
One concept that doesn’t always come to mind when we think of automated application testing is secrets management. That being…
Cloud Native IAM EKS Secrets Management for Kubernetes
Kubernetes is a great orchestration tool for your containerized applications and Amazon’s Elastic Kubernetes Service (EKS) provides an easy way…
Leverage Secrets Management for Effective On-Call Support
In many ways, on-call duty and secrets management might seem to occupy pretty different parts of the IT universe. When…
Secrets Management Overview For Developers & DevOps
Secrets management is a critical problem for developers, especially for teams adopting DevOps practices. Until recently, it was the IT…
How to Build Your Secrets Management REST API’s into Postman
Machine-to-machine communication is very important in today’s business-in-the-cloud. A lot of credentials and secrets are used and shared by non-human…
Security Challenges Around Chaos Engineering
Chaos engineering, which aims to make software-based systems as resilient as possible in the face of unexpected error conditions, is…
Managing Secrets Successfully in a Cloud-Native World
We’re living in a cloud-native world, and the tools and strategies that worked in the pre-cloud era often no longer…
Tutorial: Sharing Credentials Across Multi-cloud with Centralized Secrets Management
As organizations of all cuts and sizes are migrating to the cloud, there is a need to risk-assess the outcomes…
Tutorial: How I Secured Third-party Mongo API Secrets in My Node.js App Across the Cloud
Developing modern web applications in the cloud nowadays is more streamlined than ever. This is true because many external vendors…
An Introduction to Creating & Organizing Your First Public Key Store for Microservices With Secrets Management
Microservices are taking the world by storm, and the movement isn’t showing signs of slowing down any time soon. The…
Building a Comprehensive Monitoring Strategy That Includes Secrets Management
Over the past decade, software development and information technology operations have become more integrated, spawning a new approach, commonly called…
Mitigating Risk in the Cloud with Authorization of Amazon Web Services Apps
In this article, we’re going to talk about the problems surrounding authorization for your AWS account. We’ll define what those…
Managing and Understanding the Secrets of IoT
The Internet of Things, or IoT, is what allows us to take the power of computing beyond desktops, servers, and…
Loading Your Database Credentials at Runtime with Conjur
Back when I first became a programmer, it was a common practice to include database credentials right in the code…
CyberArk CNCF KubeCon 2018 Wrap up
I was really excited to attend the Cloud Native Computing Foundation’s (CNCF) KubeCon + CloudNativeCon Kubernetes conference in Seattle. I…
Don’t Get Pwned by Secret Zero
The Secret Zero Problem I have talked to a number of security conscious professionals across a wide range of…
