Posts

I’ll start with a premise for those who may not already be familiar: the open-source software ecosystem often revolves around foundations, with the most famous probably being the Linux Foundation. In the cloud-native domain, the reference foundation is the Cloud Native Computing Foundation, commonly known as CNCF. CNCF is a foundation created by the Linux Foundation in 2015, specifically to manage projects in the cloud-native domain. In simple terms, it can be defined as a third-party, vendor-neutral entity that oversees the development and activities related to major projects involving containerized technologies like Kubernetes. ...

During the previous days, CyberArk has released version 13.0 of Conjur Enterprise. What’s new? Who should consider upgrading, and why? I’ve published an article on these topics here on the SIGHUP blog.

CyberArk Conjur is released as an appliance and distributed as container images to enable fast, error-free setup. The supported container runtimes include: Docker 20.10 or later Mirantis Container Runtime 20.10 Podman 3.x, 4.x While working with multiple Conjur environments in our labs and at customer sites, we noticed that log rotation (for Conjur, Nginx, cluster, etc.) did not function correctly on Podman, although it worked as expected on Docker. After some investigation with the excellent CyberArk support team, we identified the solution: ...

I believe it’s important to start with a premise: In this article, I’ll talk about a product/service built and offered by my current employer, SIGHUP. No one from my company has asked me to publish this blog post here; these are my honest opinions about Secure Containers. Secure Containers is a paid service built by SIGHUP that provides secure, hardened, and updated container base images. Developers working with containers and images now enjoy several advantages compared to the past, such as standardization, automation, and faster release times. ...

Being able to work safely in cybersecurity requires knowledge, attention to detail, and a solid portfolio of reliable software. One of the tools I have learned about and used in recent months is Snyk. Calling Snyk a “tool” isn’t quite accurate—it’s a security platform that offers a suite of tools capable of operating on any codebase, including: Code (SAST) Open Source (SCA) Containers Infrastructure as Code Cloud In recent years, the amount of code produced has grown exponentially. The availability of countless open-source libraries and containers has accelerated development, but how can we be sure that all these resources are secure? ...

During our work with a CyberArk Conjur environment, we encountered strange behavior during the Conjur follower setup. The setup process on the follower would start, the seed was received, imported, and expanded, but after a few more steps, the process would hang and end with a generic “System Error.” After displaying the error message, the Conjur follower would restart. We performed troubleshooting inside the Conjur Follower pod and verified that the follower could connect to the Conjur API leader successfully, but it was unable to connect to the Postgres database and complete the initial replication. ...

As you may know, one of the key components of the CyberArk Conjur architecture is the Synchronizer, which is required to receive secrets from the Vault. Last week, I took charge of an abandoned Synchronizer version 11.7 that had not been working for some time and also needed to be upgraded to the latest 12.7 release. After completing the upgrade (check this link for the steps), the Windows service failed to start, and the log contained the following error: ...

As you probably know, CyberArk hosts a major annual event called Impact, which this year took place in Boston. In recent weeks, CyberArk has announced an exciting initiative: the CyberArk Impact World Tour, which will be hosted in several cities around the globe. If you’re interested, you can find all the details on this page, including: Cities involved Agenda Registration form Personally, I’ll be attending the event in Milan, scheduled for October 11th, 2022. I’m excited for the opportunity to attend some fascinating sessions and meet interesting people in person. See you there! ...

During the past few weeks, I have described what a secrets manager is and provided an overview of the architecture and system requirements of CyberArk Conjur. A secrets manager can’t do its job if it can’t communicate with those who need to request secrets, and that’s where Conjur’s magic comes in! The “authenticators” are responsible for the authentication process in Conjur and are specialized to do this in the most secure way, depending on the service. Here is the list of authenticators currently supported: ...

As I wrote in my last post, CyberArk Conjur is an enterprise secrets manager. , CyberArk Conjur is an enterprise secrets manager. In this post, I’ll provide an architecture overview along with the main system requirements. Conjur is currently available in two versions: Enterprise and open source (known as OSS). A “cloud” version will be available soon, offered as a SaaS solution. This post focuses on the Enterprise version, which is similar but not identical to the OSS version. ...