Many developers were left wondering which secrets were compromised and what code needed to be updated after attackers breached CircleCI…
Honeypots and Honeytokens: Trapping Attackers With Source Code Lures
![Honeypots and Honeytokens](https://www.conjur.org/wp-content/uploads/2023/05/honeypots-and-honeytokens.jpg)
Many developers were left wondering which secrets were compromised and what code needed to be updated after attackers breached CircleCI…
The bots are here…and they can code! AI tools like ChatGPT from OpenAI have burst onto the market and have…
If you are reading this, you probably got sucked into watching Game of Thrones when it first aired on HBO…
For DevSecOps, there’s always a balancing act between the fast pace of development velocity and security. Developers want to move…
Kubernetes has come a long way since its inception. But as the adoption of containerization has grown, Kubernetes security continues…
The Ansible Tower integration with CyberArk Conjur allows users and administrators to map sensitive credentials (like passwords, SSH private keys,…
Secrets management assists organizations in authenticating applications and checking clients before allowing them to access sensitive information, systems, and services….
No matter their occupation, nobody likes to do the same set of tasks repetitively — especially when automation is an…
Red Hat OpenShift is a Kubernetes-based platform for container orchestration. OpenShift differentiates itself from Kubernetes through features such as tight…
By default, Kubernetes uses Base64 encoding to store information such as application credentials, keys, and certificates. Unfortunately, this Base64 encoding…
Knative is the de facto standard for running serverless workloads in Kubernetes. But what do you do when your Knative…
Mainstream technology enterprises widely use Kubernetes. It’s an extendable, lightweight, open-source container orchestration platform. This popular platform has an ever-expanding…
Red Hat OpenShift is one of the most popular and powerful enterprise container orchestration platforms. All container orchestration solutions let…
In recent years, there is a trend toward so-called low-code and no-code platforms. While no-code platforms often appeal to businesses…
With technology becoming a central part of our daily lives, we need to keep information safe from an equally rapidly…
Editor’s Note: Please be aware that K3 is not officially supported on Conjur and the contents of this tutorial are…
Most secrets management solutions rely on a master key or “secret zero” that can unlock other credentials. The problem is…
In the first and second articles of this series, we discussed managing the information needed to build and test applications….
The first article in this series discussed the value of integrating Conjur with Jenkins. This article focuses on implementing Conjur…
Handling secrets in cloud-native environments is a challenge for many organizations. Virtually any application requires some sort of secret, such…
Jenkins is a versatile platform for implementing continuous integration and continuous delivery (CI/CD) processes to develop applications. Using plugins, Jenkins…
Kubernetes is a popular choice for microservices because it provides scalable, portable, efficient deployment and reduces most DevOps overhead. Generally,…
Managing cloud infrastructure isn’t a simple task at the best of times. From initial provisioning and configuration to maintenance and…
Conjur provides excellent policy and command examples. The Getting Started with Conjur guides and Conjur Documentation should be your first…
DevOps teams rely heavily on their CI/CD configuration tools to automate processes, accelerate delivery timelines and innovate at high velocity….
Organizations are migrating and deploying new workloads in cloud environments much more rapidly than ever, instead of expanding traditional on-premises…
Learning is fun, and the best way to learn is through hands-on exercises. That’s why Conjur provides some tutorials to…
The Conjur REST API is now available as an open-source OpenAPI definition. This effort creates new avenues for API exploration,…
The recent SolarWinds breach prompted many organizations to take a hard look at their current cybersecurity practices, and get back…
Secret management is essential for ensuring an organization’s cybersecurity. In this era, when users share valuable information with service providers,…
Conjur controls access to secrets using role-based access control (RBAC). We cover this in detail in Policy Concepts, but, to…
In today’s day and age, it’s hard to overstate the importance of data. Every day organizations throughout the world build…
Keeping secrets safe is quite an important aspect of managing an application. One that is often ignored until it’s too…
Almost every application needs to deal with secrets in one way or another, to authenticate with a backend database or…
Centralized secrets management addresses important DevOps security attack vectors such as secret sprawl and security islands, but it could help introduce…
Since the earliest attempts at application development, programmers have needed to include credentials as part of their application. Connecting an…
Since our first release of the Conjur Open Source Suite (OSS) aimed at helping development teams make the most of our secrets management…
The Challenge Secrets – or privileged credentials that act as “keys”– are essential in Kubernetes environments. Kubernetes pods and their…
Software and infrastructure architecture are quickly evolving into cloud environments. With this migration, Infrastructure as Code (IaC) is melding with…
Application Security Overview Good application security (AppSec) prevents unauthorized access and modifications to apps by controlling access to sensitive information…
One concept that doesn’t always come to mind when we think of automated application testing is secrets management. That being…
Kubernetes is a great orchestration tool for your containerized applications and Amazon’s Elastic Kubernetes Service (EKS) provides an easy way…
Application architecture hasn’t really changed all that much over the last 50 years. While we have gone from client-server to…
How will quantum computing change secrets management? That seems like a pertinent question to ask, now that Google has claimed…
After much hard work, our team is pleased to announce the release of our new v3 of CyberArk/Conjur Puppet module…
The technology world has always relied heavily upon applications with some form of state, especially during the previous era of…
In many ways, on-call duty and secrets management might seem to occupy pretty different parts of the IT universe. When…
Once upon a time, access management was a simple thing. It focused mostly on making sure that the right users…
What is Secretless? Connecting to APIs has become a standard part of application development. As developers, we regularly use APIs…
The ability to consume external resources “on-the-fly,” is a core capability of cloud-native architecture, one that comes with a prerequisite…
It’s not an exaggeration to say that enterprise ready machine identity frameworks are in greater need than before. This is…
One of the most important aspects of today’s cloud infrastructures is secrets management. There are many possible solutions, all of…
Applications often need to hold secrets. Connection strings, passwords, certificates, and other credentials are among the information applications may need…
Secrets management is a critical problem for developers, especially for teams adopting DevOps practices. Until recently, it was the IT…
When we talk about Secrets Management and handling secrets, we ought to think about all the users of the system…
The role of the developer has changed a great deal in recent years. Application architectures now include microservices, distributed systems,…
Machine-to-machine communication is very important in today’s business-in-the-cloud. A lot of credentials and secrets are used and shared by non-human…
Some GitHub repositories don’t just contain code – they contain passwords, API tokens, and credentials. The worst part? These are…
We’re living in a cloud-native world, and the tools and strategies that worked in the pre-cloud era often no longer…
Secrets sprawl, as the name suggests will grow out of control and become a tangled mess when it is not…
As organizations of all cuts and sizes are migrating to the cloud, there is a need to risk-assess the outcomes…
Developing modern web applications in the cloud nowadays is more streamlined than ever. This is true because many external vendors…
Microservices are taking the world by storm, and the movement isn’t showing signs of slowing down any time soon. The…
Over the past decade, software development and information technology operations have become more integrated, spawning a new approach, commonly called…
We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled…
Ansible is an agentless management tool that can manage provisioning, configuration, and deployment of applications. RedHat acquired Ansible in 2015…
When you are developing an application, there are some important things that should not fall into the hands of strangers….
The SSH or Secure Shell protocol has become the industry standard for logging into one computer from another. Engineers use…
Over the past decade, my career has evolved from Development to DevOps and most recently to DevSecOps. DevSecOps is the result of organizations…
In this article, we’re going to talk about the problems surrounding authorization for your AWS account. We’ll define what those…
The Internet of Things, or IoT, is what allows us to take the power of computing beyond desktops, servers, and…
Back when I first became a programmer, it was a common practice to include database credentials right in the code…