Shape Up
Skills Builder - September 4th, 2020
Confidential
Mastering Secrets Management
in Rundeck
September 23, 2021
Craig Hobbs
Sr. Solutions Consultant - Rundeck,
PagerDuty
Agenda
1 What is Secrets Management?
2 The Automation Workflow
3 DevOps Challenges and Problems
3 Rundeck Solutions for Key Storage
4 New Enterprise Secrets Plugins
5 Demo
Secrets management refers to all processes involved with provisioning, encrypting,
storing, retrieving, and revoking secrets.
Some of the most common types of secrets include:
● Privileged account credentials
● Passwords
● Certificates
● SSH keys
● API keys
● Encryption keys
What is Secrets Management?
A secret manager grants a central space to manage,
access, and audit secrets.
● Assures secret resources are available on different
platforms
● Can only be accessed by authorized and
authenticated users
● Replace hard coded credentials with an API call
The Secrets Manager
More than ever, DevOps teams are integrating secrets
management directly into elements of their automation
workflows.
➔ Authenticate all access requests
➔ Automate management and apply consistent access policies
➔ Track all access and maintain a comprehensive audit
➔ Remove secrets from code, configuration files and other
unprotected areas.
Automating Secrets Management
● I have no visibility into who's using my secrets
● How do I control SSH key sprawl?
● What’s the latest password?
● How can I securely share secrets across my tools?
● Can we use MFA in our runbooks?
● My secrets are ephemeral, how do I use them
when they're constantly changing?
Common Problems and Questions
Built-in Key Storage for Passwords and Secrets
Rundeck OSS includes a built-in key storage facility that securely stores
private keys, public keys, passwords, and other secrets for use in your
Rundeck jobs.
➔ Encrypted
➔ Access Control
➔ Flexible Credentials
➔ Secure
Rundeck Key Storage Features
Rundeck provides integrations with many popular vendors to enable a single tool for
your entire enterprise.
Rundeck Enterprise Secrets Plugins
● Decouple your secrets management from your DevOps automation
● Provision and revoke dynamically and automatically
● Access controlled authentication and authorization policies
● Cycle keys at regular intervals
DEMO
Objectives
● Use both Thycotic Cloud and Rundeck Built-in Key Storage
● Define secrets in Job Options and Node Executions
● Manage and revoke keys and passwords
Rundeck Key Storage
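The "replace hard coded credentials" point and the demo objective of defining secrets in Job Options and Node Executions, shown as an added example (not taken from the deck or the demo): the same job written first with an embedded password, then with a secure option resolved from Key Storage, followed by a node entry that authenticates with a stored SSH key. The job names, project name `demo`, host, key paths and script path are constructed for illustration.

```yaml
# --- Job definitions (Rundeck job YAML format) ---

# WEAK: the password lives in the job definition, so it is visible to anyone
# who can read or export the job, and it ends up in version control.
- name: db-backup-hardcoded          # constructed job name
  description: Backup with an embedded credential (do not do this)
  sequence:
    keepgoing: false
    strategy: node-first
    commands:
    - script: |-
        #!/bin/sh
        # constructed placeholder value, shown only to mark the problem
        DB_PASSWORD='EXAMPLE-hardcoded-password'
        export DB_PASSWORD
        /opt/backup/run-backup.sh    # hypothetical script

# CORRECTED: the job carries only a reference to a Key Storage path.
# The value is resolved at execution time, access to the path is governed
# by ACL policy, and rotating the secret needs no change to the job.
- name: db-backup-keystorage         # constructed job name
  description: Backup with the credential pulled from Key Storage
  options:
  - name: db_password
    description: Resolved from Key Storage at run time
    required: true
    secure: true                     # input is masked, value not stored with the execution
    valueExposed: true               # allow the value to be used in script steps
    storagePath: keys/project/demo/db/backup-password   # constructed path
  sequence:
    keepgoing: false
    strategy: node-first
    commands:
    - script: |-
        #!/bin/sh
        # @option.db_password@ is substituted by Rundeck before the script runs
        DB_PASSWORD='@option.db_password@'
        export DB_PASSWORD
        /opt/backup/run-backup.sh    # hypothetical script

# --- Node definition (separate resource YAML file) ---
# Node execution authenticates with a private key held in Key Storage,
# so no key file has to be distributed to the Rundeck server's filesystem.
#
# db01:
#   nodename: db01
#   hostname: db01.example.internal          # constructed host
#   username: backup
#   ssh-authentication: privateKey
#   ssh-key-storage-path: keys/project/demo/ssh/backup-id-rsa   # constructed path
```

With an enterprise secrets plugin mounted under a Key Storage path, the `storagePath` reference stays the same while the value is served from the external secrets manager.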
Rundeck Makes the Secrets Management Lifecycle
Easy for your DevOps workflows
● Decouple your secret management from your DevOps environment
● Leverage multiple secret stores at the same time
● Use secrets in a transitory manner across your runbooks
Learn More:
https://docs.rundeck.com/docs/administration/security/storage-plugins.html
Request a Demo: https://www.rundeck.com/see-demo
APPENDIX
Secrets Manager
Rundeck jobs request secrets
at runtime
Platform Systems
Automated
Runbooks
Jobs use secret to
request access
Secret manager authenticates
and sends secret
Jobs securely
access resources
Securely Retrieve Secrets in Real-Time for Access to
Platform Systems and Tools
Job Execution Ends
Key Destroyed
Secrets Manager
Job Request Secrets at
Runtime
Platform Systems
Tools and Technologies
Enterprise Plugin Integration
Job uses secret to
request access
Job uses secret to
execute tools privs
With the increase in MFA use in organizations, many are asking us "How do
you handle MFA with Rundeck?" The short answer is we don't. The
better way to manage passwords for service accounts typically used in
automation is to leverage a tool like Thycotic to cycle those passwords
frequently on the end systems and pick up the current value dynamically
using our Key Storage plugins.
MFA with Automation
Due to changes in infrastructure and software development processes, secrets are
proliferating widely. Here are a few ways enterprise transformations are affecting
secrets management at scale:
Why Security Matters
Rundeck Enterprise Secrets Providers

 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Mastering Secrets Management in Rundeck

  • 1. Shape Up Skills Builder - September 4th, 2020 Confidential Mastering Secrets Management in Rundeck September 23, 2021
  • 2. Craig Hobbs Sr. Solutions Consultant - Rundeck, PagerDuty
  • 3. Agenda
      1 What is Secrets Management?
      2 The Automation Workflow
      3 DevOps Challenges and Problems
      3 Rundeck Solutions for Key Storage
      4 New Enterprise Secrets Plugins
      5 Demo
  • 4. What is Secrets Management?
      Secrets management refers to all processes involved with provisioning, encrypting, storing, retrieving, and revoking secrets. Some of the most common types of secrets include:
      ● Privileged account credentials
      ● Passwords
      ● Certificates
      ● SSH keys
      ● API keys
      ● Encryption keys
  • 5. The Secrets Manager
      A secrets manager provides a central place to manage, access, and audit secrets.
      ● Ensures secret resources are available on different platforms
      ● Can only be accessed by authorized and authenticated users
      ● Replaces hard-coded credentials with an API call
  • 6.
  • 7. Automating Secrets Management
      More than ever, DevOps teams are integrating secrets management directly into elements of their automation workflows.
      ➔ Authenticate all access requests
      ➔ Automate management and apply consistent access policies
      ➔ Track all access and maintain a comprehensive audit
      ➔ Remove secrets from code, configuration files and other unprotected areas
  • 8. Common Problems and Questions
      ● I have no visibility into who's using my secrets
      ● How do I control SSH key sprawl?
      ● What's the latest password?
      ● How can I securely share secrets across my tools?
      ● Can we use MFA in our runbooks?
      ● My secrets are ephemeral, how do I use them when they're constantly changing?
  • 9. Built-in Key Storage for Passwords and Secrets
      Rundeck OSS includes a built-in key storage facility that securely stores private keys, public keys, passwords, and other secrets for use in your Rundeck jobs.
  • 10. Rundeck Key Storage Features
      ➔ Encrypted
      ➔ Access Control
      ➔ Flexible Credentials
      ➔ Secure
  • 11. Rundeck Enterprise Secrets Plugins
      Rundeck provides integrations with many popular vendors to enable a single tool for your entire enterprise.
      ● Decouple your secrets management from your DevOps automation
      ● Provision and revoke dynamically and automatically
      ● Access controlled authentication and authorization policies
      ● Cycle keys at regular intervals
  • 12.
  • 13. DEMO
  • 14.
  • 15.
  • 16. Rundeck Key Storage
      Objectives
      ● Use both Thycotic Cloud and Rundeck Built-in Key Storage
      ● Define secrets in Job Options and Node Executions
      ● Manage and revoke keys and passwords
  • 17. Rundeck Makes the Secrets Management Lifecycle Easy for your DevOps workflows
      ● Decouple your secret management from your DevOps environment
      ● Leverage multiple secret stores at the same time
      ● Use secrets in a transitory manner across your runbooks
  • 20. Securely Retrieve Secrets in Real-Time for Access to Platform Systems and Tools
      Diagram labels: Secrets Manager; Rundeck jobs request secrets at runtime; Platform Systems; Automated Runbooks; Jobs use secret to request access; Secret manager authenticates and sends secret; Jobs securely access resources; Job Execution Ends; Key Destroyed
  • 21. Diagram labels: Secrets Manager; Job Request Secrets at Runtime; Platform Systems; Tools and Technologies; Enterprise Plugin Integration; Job uses secret to request access; Job uses secret to execute tools privs
  • 22. MFA with Automation
      With MFA use increasing in organizations, many are asking us, "How do you handle MFA with Rundeck?" The short answer is we don't. The better way to manage passwords for the service accounts typically used in automation is to leverage a tool like Thycotic to cycle those passwords frequently on the end systems and pick up the current value dynamically using our Key Storage plugins.
  • 23. Why Security Matters
      Due to changes in infrastructure and software development processes, secrets are proliferating widely. Here are a few ways enterprise transformations are affecting secrets management at scale: