Secrets Manager

Urgent: Zero-Day CVEs Found in Two Major Secrets Managers — Have You Updated Yet?

Today, my manager forwarded me this article about several zero-day CVEs discovered in CyberArk and HashiCorp products. After some time spent researching online, I confirmed that both brands have fixed these CVEs by releasing updated versions!! I’m not surprised that these two big corporations acted quickly and fixed the vulnerabilities; both are well-known and reliable! This event gave me an excuse to write this article and respond to one of the most common questions I get from my customers whenever I share news about a new release of a secrets manager: ...

The Critical Trio: Secrets Manager, Zero-CVE Images, and CNAPP are Needed (Not Only) for DORA Compliance!

With the Digital Operational Resilience Act (DORA) now in effect across the European Union as of January 17, 2025, financial institutions face unprecedented cybersecurity and operational resilience requirements. Successfully achieving DORA compliance demands a comprehensive security strategy that also includes the following three fundamental components: Robust secrets management Hardened container images with minimal vulnerabilities Unified cloud-native application protection platforms (CNAPPs) These technologies work synergistically to meet DORA’s stringent ICT risk management, asset identification, and third-party oversight mandates. ...

CyberArk Conjur: A Quick Overview of Architecture and System Requirements

As I wrote in my last post, CyberArk Conjur is an enterprise secrets manager. , CyberArk Conjur is an enterprise secrets manager. In this post, I’ll provide an architecture overview along with the main system requirements. Conjur is currently available in two versions: Enterprise and open source (known as OSS). A “cloud” version will be available soon, offered as a SaaS solution. This post focuses on the Enterprise version, which is similar but not identical to the OSS version. ...

CyberArk Conjur - why you (probably) need an enterprise secrets manager

Security is always a complex topic to address, as an error or omission in processes can lead to serious economic or reputational damage for a company. When we talk about “secrets,” consider the following examples: Usernames Database passwords SSL certificates and keys SSH keys Cloud credentials Simply reading through this list helps to explain why this topic needs to be considered and handled carefully. Some common bad practices or risks include: ...