Posts

I believe it’s important to start with a premise: In this article, I’ll talk about a product/service built and offered by my current employer, SIGHUP. No one from my company has asked me to publish this blog post here; these are my honest opinions about Secure Containers. Secure Containers is a paid service built by SIGHUP that provides secure, hardened, and updated container base images. Developers working with containers and images now enjoy several advantages compared to the past, such as standardization, automation, and faster release times. ...

Being able to work safely in cybersecurity requires knowledge, attention to detail, and a solid portfolio of reliable software. One of the tools I have learned about and used in recent months is Snyk. Calling Snyk a “tool” isn’t quite accurate—it’s a security platform that offers a suite of tools capable of operating on any codebase, including: Code (SAST) Open Source (SCA) Containers Infrastructure as Code Cloud In recent years, the amount of code produced has grown exponentially. The availability of countless open-source libraries and containers has accelerated development, but how can we be sure that all these resources are secure? ...

During our work with a CyberArk Conjur environment, we encountered strange behavior during the Conjur follower setup. The setup process on the follower would start, the seed was received, imported, and expanded, but after a few more steps, the process would hang and end with a generic “System Error.” After displaying the error message, the Conjur follower would restart. We performed troubleshooting inside the Conjur Follower pod and verified that the follower could connect to the Conjur API leader successfully, but it was unable to connect to the Postgres database and complete the initial replication. ...

As you may know, one of the key components of the CyberArk Conjur architecture is the Synchronizer, which is required to receive secrets from the Vault. Last week, I took charge of an abandoned Synchronizer version 11.7 that had not been working for some time and also needed to be upgraded to the latest 12.7 release. After completing the upgrade (check this link for the steps), the Windows service failed to start, and the log contained the following error: ...

As you probably know, CyberArk hosts a major annual event called Impact, which this year took place in Boston. In recent weeks, CyberArk has announced an exciting initiative: the CyberArk Impact World Tour, which will be hosted in several cities around the globe. If you’re interested, you can find all the details on this page, including: Cities involved Agenda Registration form Personally, I’ll be attending the event in Milan, scheduled for October 11th, 2022. I’m excited for the opportunity to attend some fascinating sessions and meet interesting people in person. See you there!

During the past few weeks, I have described what a secrets manager is and provided an overview of the architecture and system requirements of CyberArk Conjur. A secrets manager can’t do its job if it can’t communicate with those who need to request secrets, and that’s where Conjur’s magic comes in! The “authenticators” are responsible for the authentication process in Conjur and are specialized to do this in the most secure way, depending on the service. Here is the list of authenticators currently supported: ...

As I wrote in my last post, CyberArk Conjur is an enterprise secrets manager. , CyberArk Conjur is an enterprise secrets manager. In this post, I’ll provide an architecture overview along with the main system requirements. Conjur is currently available in two versions: Enterprise and open source (known as OSS). A “cloud” version will be available soon, offered as a SaaS solution. This post focuses on the Enterprise version, which is similar but not identical to the OSS version. ...

Security is always a complex topic to address, as an error or omission in processes can lead to serious economic or reputational damage for a company. When we talk about “secrets,” consider the following examples: Usernames Database passwords SSL certificates and keys SSH keys Cloud credentials Simply reading through this list helps to explain why this topic needs to be considered and handled carefully. Some common bad practices or risks include: ...

Hello there! How are you? I’m really good! As you may have seen on my social media, starting from the 16th of May, I’ve begun a new position as Senior DevSecOps at SIGHUP. I’m really excited about this new opportunity, and I’m writing this post because it will also have an effect on this blog’s focus. The topics will shift from previous subjects to cloud-native infrastructure security, starting with tools like CyberArk Conjur. The previous content on this blog will remain here forever. I believe it could be helpful for some time, and I also want to honor my HCL Ambassador role. ...