Managing SSL/TLS certificates in clouds and containers is not a job for humans
From a Venafi presentation: how manual certificate installation slows down the process of continuous integration and application deployment
Cloud services and containers have become the de facto standard for deploying web applications. However, integrating SSL/TLS certificates into the DevOps environment remains too complicated and slow. Many tasks are still performed manually, which places a heavy burden on DevOps teams. In a virtual environment with containers, the number of machines on the network increases dramatically, and the machine-to-machine connections and communications between them still need to be protected. If certificate issuance and management practices are poorly established in such an environment, the lack of reliable authentication for each machine increases the attack surface.
If everything is done manually, developers often give priority to speed and simplicity rather than security. Sometimes, for the sake of speed, they choose simpler options: creating their own certification authority (CA) with self-signed certificates, using weak encryption algorithms, importing untrusted root certificates, or inadequately protecting the private keys of root and intermediate CAs. And sometimes developers do not use SSL/TLS at all to encrypt communications between machines and containers.
To solve this problem, several new services have appeared on the market that integrate directly into the continuous integration / continuous delivery (CI/CD) cycle and automate the process.
These services offer improved security and increased development productivity, as well as compliance with security regulatory standards such as PCI-DSS, NIST, and HIPAA. Supporting them requires only a few lines of code. One such service has been provided since April 2017 by Venafi, which specializes in information security solutions.
Where Venafi Cloud sits in the CI/CD pipeline
Venafi Cloud for DevOps is an integrated cloud service that conveniently embeds a cryptographic key infrastructure and digital certificates into popular enterprise DevOps platforms. The company recently announced the integration of Venafi Cloud with the GlobalSign public key infrastructure (PKI).
Venafi Cloud helps manage SSL/TLS certificates. You can test the platform as part of a free beta. Its functions include:
- Tracking all external certificates.
- Continuous monitoring and viewing where each internal certificate is installed (a lightweight scanner is used).
- Identification of potential vulnerabilities.
- Automatic certificate requests and renewals, with integration with a certification authority. Certificates are delivered within seconds, issued directly into the CI/CD pipelines, with the appropriate policy applied for each environment.
- Automatic installation of certificates through the REST API, with integration with DevOps tools and an ACME (Automated Certificate Management Environment) server.
- Report generation.
Venafi Cloud initially offers integration with DevOps tools including HashiCorp Terraform, HashiCorp Vault, SaltStack, Ansible, Docker, and Jetstack cert-manager. Venafi Cloud and GlobalSign PKI for DevOps provide well-documented standard interfaces, including the REST API, the open source VCert SDK (available in Go and Python), and ACME. Businesses of all sizes can now have a single machine identity service across their hybrid infrastructure and multiple clouds, which helps increase DevOps speed.
The main functions of Venafi Cloud are listed in the table.
SPECIAL CONDITIONS for enterprise PKI solutions are valid until 11.30.2019 under the promo code AL002HRFR for new customers. For details, contact the managers at +7 (499) 678 2210 or firstname.lastname@example.org.