Security is always a complex topic to address, as an error or omission in processes can lead to serious economic or reputational damage for a company.
When we talk about “secrets,” consider the following examples:
- Usernames
- Database passwords
- SSL certificates and keys
- SSH keys
- Cloud credentials
Simply reading through this list helps to explain why this topic needs to be considered and handled carefully.
Some common bad practices or risks include:
- Hardcoding secrets in code
- Data breaches
- Password leaks
- Secrets pushed to public repositories
With techniques such as lateral movement, a single compromised secret can be enough to compromise an entire environment.
To help prevent these risks, there are tools known as “enterprise secrets managers.” I’d like to start a series of posts on this blog about CyberArk Conjur.
Conjur lets applications avoid handling secrets directly: instead of being embedded in code, secrets are retrieved at run time through a set of REST APIs, which makes the product programmable and accessible via URL or through open source client utilities.
Access to secrets is governed by security policies, without slowing down the developers involved.
Corporate security can be further improved with the use of rotators, which programmatically change secret values.
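As an added example (not code from this post or from CyberArk), the sketch below walks through the two-step REST exchange just described: a host authenticates with its API key, receives a short-lived access token, and uses it to read one variable. The endpoint shapes follow the public Conjur API as I understand it; the account name, host identity, variable name and API key are constructed, and a fake in-memory server stands in for Conjur so the example runs offline.

```python
import base64
import json
from urllib.parse import quote

def conjur_headers(raw_token: str) -> dict:
    """Conjur expects the JSON access token base64-encoded in a Token header."""
    b64 = base64.b64encode(raw_token.encode()).decode()
    return {"Authorization": f'Token token="{b64}"'}

def fetch_secret(transport, base_url, account, login, api_key, variable_id):
    """Authenticate with the identity's API key, then read one variable.

    transport(method, url, headers, body) -> (status, body) is injected so the
    same logic works against a real HTTP client or the fake server below.
    A login such as "host/myapp" must be URL-encoded, slash included."""
    auth_url = f"{base_url}/authn/{account}/{quote(login, safe='')}/authenticate"
    status, token = transport("POST", auth_url, {}, api_key)
    if status != 200:
        raise PermissionError(f"authentication failed: HTTP {status}")
    url = f"{base_url}/secrets/{account}/variable/{quote(variable_id, safe='')}"
    status, value = transport("GET", url, conjur_headers(token), None)
    if status != 200:
        raise LookupError(f"secret fetch failed: HTTP {status}")
    return value

# --- constructed fake Conjur server (hypothetical identities and values) -------
FAKE_API_KEYS = {"host/myapp": "constructed-api-key"}
FAKE_SECRETS = {"prod/db/password": "s3cr3t-from-vault"}
FAKE_TOKEN = json.dumps({"payload": "constructed-token"})

def fake_conjur(method, url, headers, body):
    path = url.split("/", 3)[3]  # strip scheme and host
    if method == "POST" and path.endswith("/authenticate"):
        login = path.split("/")[2].replace("%2F", "/")
        return (200, FAKE_TOKEN) if FAKE_API_KEYS.get(login) == body else (401, "")
    if method == "GET" and path.startswith("secrets/"):
        if headers.get("Authorization") != conjur_headers(FAKE_TOKEN)["Authorization"]:
            return (401, "")  # missing or wrong token: no secret leaves the server
        var = path.split("/", 3)[3].replace("%2F", "/")
        return (200, FAKE_SECRETS[var]) if var in FAKE_SECRETS else (404, "")
    return (404, "")

def demo(api_key="constructed-api-key", variable_id="prod/db/password"):
    # The application holds only its API key; the database password never lives in code.
    return fetch_secret(fake_conjur, "https://conjur.example", "myorg",
                        "host/myapp", api_key, variable_id)
```

Swapping `fake_conjur` for a function that performs the real HTTPS calls is all that is needed to point `fetch_secret` at an actual Conjur instance.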
If other CyberArk software such as PAS Vault is already in use, Conjur can be integrated with it through the Synchronizer component, providing the same level of security for cloud-native infrastructure.
Conjur is available in two versions: enterprise and open source, each with distinct features.
In upcoming posts, I will explain details about the architecture, secrets management, and product news related to CyberArk Conjur.