Conjur offers a consistent way to secure, store, and fetch secrets across leading CI/CD tool stacks, containerization and cloud platforms. With this open source solution secrets management is made as simple and secure as possible.
Secure CI/CD Pipelines
High-performance DevOps teams use automated configuration management tools to enable continuous integration and deployment (CI/CD) practices. These practices are designed for efficiency and speed, but become risky when security best practices are not followed.
At the heart of CI/CD pipelines are tools like Jenkins, Ansible, Puppet, Chef, and other automation and configuration tools. These tools require secrets to access protected resources like databases, SSH servers, HTTPs services, and so on. These secrets are often insecurely hard-coded or stored in configuration files or code for these tools like JenkinsFiles, playbooks, scripts, or source code.
Conjur integrates natively with leading automated configuration management tools to remove hard-coded and unprotected secrets from the DevOps tools in the CI/CD pipeline while providing full audit trails and robust secrets rotation.
Containers have solved a lot of problems for DevOps and engineering teams by improving portability and speed. Containerized platforms often create numerous containers and short-lived (ephemeral) instances to facilitate productivity and efficiency.
Containers need secrets to access protected resources like databases, SSH server, HTTPs services, and others. However, securely identifying a container, especially in a dynamic and ephemeral environment, in order to determine if it is authorized to access a specific resource, is challenging.
Conjur is specifically architected for containerized environments. The solution tightly and seamlessly integrates with popular container platforms, helping developers centralize and simplify the management of secrets for containers across public or private cloud environments. With Conjur, each container/pod is assigned a unique set of role-based access (RBAC) privileges for fine-grained control. Applications and services running in containers are uniquely authenticated, ensuring secrets are shared securely, and only with their intended recipients. Central audit trails provide visibility into critical security events.
Securely Manage Secrets in Elastic & Auto-scale Environments
Cloud providers offer auto-scaling capabilities to support elasticity (ephemeral) and pay-as-you-grow economics, which enables organizations to dynamically extend or throttle capacity based on administratively defined policies to meet performance or business objectives. However, the dynamic nature of auto-scaling creates security management challenges for organizations. When a new host comes online the owner of the host can manually set permissions, but this human interaction doesn’t scale.
Conjur removes the need for human operators to manually apply policies to each new host by dynamically assigning an identity to the host and securely authenticating the calling application based on the predefined security policy. For example, a Kubernetes (K8S) / OpenShift pod can automatically get access to a set of resources, by assigning the pod to a group of hosts that has this access in the security policy. The assignment is done based on the pod characteristics and securely validated during runtime.
Eliminate Multi-cloud & Multi-tool Security Islands
Most configuration management tools, cloud providers, and container orchestration solutions have their own secrets management functionality. Secrets are typically separately maintained and administered using different systems (“security islands”) which makes it difficult or impossible to share secrets and institute uniform security policies.
Conjur integrates natively with leading automation and configuration management tools, as well as container orchestration platforms, to help developers centralize and simplify the management of secrets across tools, applications, containers, and clouds. The solution centrally authenticates, controls, and audits non-human access across leading tool stacks, container platforms, and cloud environments with robust secrets management, helping organizations streamline operations and improve compliance, while instituting uniform security policies across the DevOps environments.