Open Source/DevOps Innovation of the Year
Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, revealed improvements to their PAM solution for DevOps, DevOps Secrets Vault.
The cloud-based solution adds new out-of-the-box Secret Server integration, SIEM integration, automated authentication through SSH keys and certificate generation, new wizards to streamline command-line use, and a Home Vault, a personal user space for secrets. These enhancements make it easier to integrate DevOps security into a broader PAM ecosystem while improving usability and accelerating time to value.
Extend PAM security
DevOps Secrets Vault’s Secret Server integration allows Secret Server to create secrets in the Vault and sync updates to those secrets. It also allows customers to use DevOps Secrets Vault for fast API access and CI/CD pipeline integration while also benefiting from the additional PAM capabilities of Secret Server, such as credential rotation.
“Ideally, your machines and applications have unique accounts that are separate from the admin accounts that Secret Server governs. However, when you have credentials that require the best of both the PAM and DevOps worlds, the integration of Secret Server and DevOps Secrets Vault provides that seamlessly,” said Jai Dargan, VP of Product Management at Thycotic.
DevOps Secrets Vault logs can be pushed in near-real time to a SIEM application. These log events can be correlated by the SIEM system so administrators gain deep insight into privileged account usage and get alerts when specific events occur in DevOps Secrets Vault.
With the new Home Vault feature, every DevOps Secrets Vault user gets their own space for secrets that even admins do not have access to by default.
DevOps Secrets Vault can now issue X.509 and SSH certificates, which enables the automation of certificate signing and distribution. This feature also enables short-lived certificates, making certificate issuance and signing both highly efficient and secure.
Streamline use of the command-line
To simplify human navigation of the command-line, DevOps Secrets Vault now supports a variety of wizards that guide the user through the process of creating and updating public key infrastructure (PKI), policy, and authentication provider, among others.
DevOps Secrets Vault is a platform-agnostic, cost-effective, rapid set-up vault that is capable of high-speed secrets creation, archival, and retrieval. DevOps Secrets Vault enables AWS roles, Azure Service Principals, or GCP service accounts for bootstrapping and ongoing secure authentication. Dynamic secrets for cloud platforms can be generated to allow tools or applications to do extremely fine-grained tasks and then expire, eliminating the damage any leaked credentials can do. Thycotic is constantly adding to the list of SDKs and DevOps tool plug-ins, such as Jenkins, Kubernetes, Terraform, Chef, and Puppet.