Shape Up
Skills Builder - September 4th, 2020
Confidential
Mastering Secrets Management
in Rundeck
September 23, 2021
Craig Hobbs
Sr. Solutions Consultant - Rundeck,
PagerDuty
Agenda
1 What is Secrets Management?
2 The Automation Workflow
3 DevOps Challenges and Problems
3 Rundeck Solutions for Key Storage
4 New Enterprise Secrets Plugins
5 Demo
Secrets management refers to all processes involved with provisioning, encrypting,
storing, retrieving, and revoking secrets.
Some of the most common types of secrets include:
● Privileged account credentials
● Passwords
● Certificates
● SSH keys
● API keys
● Encryption keys
What is Secrets Management?
A secrets manager provides a central place to manage,
access, and audit secrets.
● Ensures secrets are available to resources on different
platforms
● Can only be accessed by authorized and
authenticated users
● Replaces hard-coded credentials with an API call
The Secrets Manager
More than ever, DevOps teams are integrating secrets
management directly into elements of their automation
workflows.
➔ Authenticate all access requests
➔ Automate management and apply consistent access policies
➔ Track all access and maintain a comprehensive audit
➔ Remove secrets from code, configuration files and other
unprotected areas.
Automating Secrets Management
● I have no visibility into who's using my secrets
● How do I control SSH key sprawl?
● What’s the latest password?
● How can I securely share secrets across my tools?
● Can we use MFA in our runbooks?
● My secrets are ephemeral, how do I use them
when they're constantly changing?
Common Problems and Questions
Built-in Key Storage for Passwords and Secrets
Rundeck OSS includes a built-in key storage facility that securely stores
private keys, public keys, passwords, and other secrets for use in your
Rundeck jobs.
➔ Encrypted
➔ Access Control
➔ Flexible Credentials
➔ Secure
Rundeck Key Storage Features
Rundeck provides integrations with many popular vendors to enable a single tool for
your entire enterprise.
Rundeck Enterprise Secrets Plugins
● Decouple your secrets management from your DevOps automation
● Provision and revoke dynamically and automatically
● Access controlled authentication and authorization policies
● Cycle keys at regular intervals
DEMO
Objectives
● Use both Thycotic Cloud and Rundeck Built-in Key Storage
● Define secrets in Job Options and Node Executions
● Manage and revoke keys and passwords
Rundeck Key Storage
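As an added illustration of the demo objective of defining secrets in job options and node executions (not code from the slides or from Rundeck), this Python audit flags job options, command lines and node entries that carry a secret inline instead of a Key Storage path. The field and attribute names (`secure`, `storagePath`, `valueExposed`, `ssh-key-storage-path`, `ssh-keypath`) follow Rundeck's job and node definition formats and are not shown in the deck; the jobs, nodes, paths and password strings are constructed sample data.

```python
import re

# Option names that suggest the value is a credential.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)
# keyword=value or keyword:value credentials inside a command line.
INLINE_CRED = re.compile(r"(?i)\b(pass(?:word|wd)?|secret|token|api[_-]?key)\s*[=:]\s*(\S+)")
# Values that are option references are resolved at run time, not stored in the job.
OPTION_REF = ("${option.", "@option.")


def audit_job(job):
    """Return (job, location, problem) tuples; secret values are never echoed."""
    findings = []
    for opt in job.get("options", []):
        name = opt.get("name", "")
        if not SECRET_NAME.search(name):
            continue
        where = f"option:{name}"
        if not opt.get("secure"):
            findings.append((job["name"], where, "secret-like option is not marked secure"))
        path = opt.get("storagePath")
        if path is None:
            if opt.get("value"):
                findings.append((job["name"], where, "literal default stored in the job definition"))
        elif not path.startswith("keys/"):
            findings.append((job["name"], where, "storagePath is outside the keys/ tree"))
    for step in job.get("sequence", {}).get("commands", []):
        text = step.get("exec") or step.get("script") or ""
        for match in INLINE_CRED.finditer(text):
            if not match.group(2).startswith(OPTION_REF):
                problem = f"inline credential for '{match.group(1)}' in command"
                findings.append((job["name"], "step", problem))
    return findings


def audit_node(name, attrs):
    """Flag nodes whose SSH credentials do not come from Key Storage."""
    findings = []
    if "ssh-keypath" in attrs and "ssh-key-storage-path" not in attrs:
        findings.append((name, "ssh-keypath", "private key read from a file path, not Key Storage"))
    for attr in ("ssh-key-storage-path", "ssh-password-storage-path"):
        path = attrs.get(attr)
        if path is not None and not path.startswith("keys/"):
            findings.append((name, attr, "storage path is outside the keys/ tree"))
    return findings


def audit_all(jobs, nodes):
    findings = []
    for job in jobs:
        findings.extend(audit_job(job))
    for name, attrs in nodes.items():
        findings.extend(audit_node(name, attrs))
    return findings


# Constructed sample data: parsed job definitions, before and after the fix.
JOBS = [
    {
        "name": "nightly-backup",
        "options": [
            {"name": "db_password", "value": "Constructed-Example-1"},
            {"name": "environment", "value": "staging"},
        ],
        "sequence": {"commands": [
            {"exec": "mysqldump --user=app --password=Constructed-Example-1 appdb"},
        ]},
    },
    {
        "name": "nightly-backup-fixed",
        "options": [
            {"name": "db_password", "secure": True, "valueExposed": True,
             "storagePath": "keys/project/demo/db.password"},
        ],
        "sequence": {"commands": [
            {"exec": "mysqldump --user=app --password=${option.db_password} appdb"},
        ]},
    },
]

# Constructed sample data: node entries keyed by node name.
NODES = {
    "web01": {"hostname": "web01.example.internal", "username": "deploy",
              "ssh-keypath": "/home/rundeck/.ssh/id_rsa"},
    "web02": {"hostname": "web02.example.internal", "username": "deploy",
              "ssh-key-storage-path": "keys/project/demo/deploy.pem"},
}

if __name__ == "__main__":
    for owner, location, problem in audit_all(JOBS, NODES):
        print(f"{owner:22} {location:20} {problem}")
```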
Rundeck Makes the Secrets Management Lifecycle
Easy for your DevOps workflows
● Decouple your secret management from your DevOps environment
● Leverage multiple secret stores at the same time
● Use secrets in a transitory manner across your runbooks
Learn More:
https://docs.rundeck.com/docs/administration/security/storage-plugins.html
Request a Demo: https://www.rundeck.com/see-demo
APPENDIX
Secrets Manager
Rundeck jobs request secrets
at runtime
Platform Systems
Automated
Runbooks
Jobs use secret to
request access
Secret manager authenticates
and sends secret
Jobs securely
access resources
Securely Retrieve Secrets in Real-Time for Access to
Platform Systems and Tools
Job Execution Ends
Key Destroyed
Secrets Manager
Job Request Secrets at
Runtime
Platform Systems
Tools and Technologies
Enterprise Plugin Integration
Job uses secret to
request access
Job uses secret to
execute tools privs
With the increase in MFA use in organizations, many are asking us "How do
you handle MFA with Rundeck?" The short answer is we don't. The
better way to manage passwords for service accounts typically used in
automation is to leverage a tool like Thycotic to cycle those passwords
frequently on the end systems and pick up the current value dynamically
using our Key Storage plugins.
MFA with Automation
Due to changes in infrastructure and software development processes, secrets are
proliferating widely. Here are a few ways enterprise transformations are affecting
secrets management at scale:
Why Security Matters
Rundeck Enterprise Secrets Providers

2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Mastering Secrets Management in Rundeck

  • 1. Shape Up Skills Builder - September 4th, 2020 Confidential Mastering Secrets Management in Rundeck September 23, 2021
  • 2. Craig Hobbs Sr. Solutions Consultant - Rundeck, PagerDuty
  • 3. Agenda 1 What is Secrets Management? 2 The Automation Workflow 3 DevOps Challenges and Problems 3 Rundeck Solutions for Key Storage 4 New Enterprise Secrets Plugins 5 Demo
  • 4. What is Secrets Management? Secrets management refers to all processes involved with provisioning, encrypting, storing, retrieving, and revoking secrets. Some of the most common types of secrets include:
      ● Privileged account credentials
      ● Passwords
      ● Certificates
      ● SSH keys
      ● API keys
      ● Encryption keys
  • 5. The Secrets Manager. A secrets manager provides a central place to manage, access, and audit secrets.
      ● Ensures secrets are available across different platforms
      ● Can only be accessed by authorized and authenticated users
      ● Replaces hard-coded credentials with an API call
  • 7. Automating Secrets Management. More than ever, DevOps teams are integrating secrets management directly into elements of their automation workflows.
      ➔ Authenticate all access requests
      ➔ Automate management and apply consistent access policies
      ➔ Track all access and maintain a comprehensive audit
      ➔ Remove secrets from code, configuration files and other unprotected areas
  • 8. Common Problems and Questions
      ● I have no visibility into who's using my secrets
      ● How do I control SSH key sprawl?
      ● What’s the latest password?
      ● How can I securely share secrets across my tools?
      ● Can we use MFA in our runbooks?
      ● My secrets are ephemeral; how do I use them when they're constantly changing?
  • 9. Built-in Key Storage for Passwords and Secrets Rundeck OSS includes a built-in key storage facility that securely stores private keys, public keys, passwords, and other secrets for use in your Rundeck jobs.
  • 10. Rundeck Key Storage Features
      ➔ Encrypted
      ➔ Access Control
      ➔ Flexible Credentials
      ➔ Secure
  • 11. Rundeck Enterprise Secrets Plugins. Rundeck provides integrations with many popular vendors to enable a single tool for your entire enterprise.
      ● Decouple your secrets management from your DevOps automation
      ● Provision and revoke dynamically and automatically
      ● Access controlled authentication and authorization policies
      ● Cycle keys at regular intervals
  • 13. DEMO
  • 16. Rundeck Key Storage. Objectives:
      ● Use both Thycotic Cloud and Rundeck Built-in Key Storage
      ● Define secrets in Job Options and Node Executions
      ● Manage and revoke keys and passwords
  • 17. Rundeck Makes the Secrets Management Lifecycle Easy for your DevOps workflows
      ● Decouple your secret management from your DevOps environment
      ● Leverage multiple secret stores at the same time
      ● Use secrets in a transitory manner across your runbooks
  • 20. Securely Retrieve Secrets in Real-Time for Access to Platform Systems and Tools. Diagram labels: Secrets Manager; Rundeck jobs request secrets at runtime; Platform Systems; Automated Runbooks; Jobs use secret to request access; Secret manager authenticates and sends secret; Jobs securely access resources; Job Execution Ends; Key Destroyed.
  • 21. Diagram labels: Secrets Manager; Job Requests Secrets at Runtime; Platform Systems; Tools and Technologies; Enterprise Plugin Integration; Job uses secret to request access; Job uses secret to execute tools privs.
  • 22. MFA with Automation. With the increase in MFA use in organizations, many are asking us, "How do you handle MFA with Rundeck?" The short answer is we don't. The better way to manage passwords for service accounts typically used in automation is to leverage a tool like Thycotic to cycle those passwords frequently on the end systems and pick up the current value dynamically using our Key Storage plugins.
  • 23. Due to changes in infrastructure and software development processes, secrets are proliferating widely. Here are a few ways enterprise transformations are affecting secrets management at scale: Why Security Matters
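
Slides 16 and 22 describe defining secrets in job options and picking up the current value from Key Storage at run time. The job definitions below are an added example in Rundeck's YAML job format, not taken from the deck or from Rundeck's own material; the job names, script path, password value and key path are constructed placeholders.

```yaml
# Constructed example. Names, paths and the password value are placeholders.

# Weak: the password is a plain option default. It is stored in the job
# definition, appears in every export of the job, and is readable by anyone
# allowed to view the job.
- name: db-report-hardcoded
  loglevel: INFO
  options:
  - name: dbpass
    value: 'constructed-example-password'   # hard-coded secret
  sequence:
    commands:
    - script: |
        # hypothetical script; reads the password from $RD_OPTION_DBPASS
        /opt/example/report.sh

# Corrected: the job holds only a reference into Key Storage. The value is
# looked up when the job runs, so a password cycled on the end system and
# updated at that key path is picked up by the next execution without
# editing the job.
- name: db-report-keystorage
  loglevel: INFO
  options:
  - name: dbpass
    required: true
    secure: true          # masked input; the value is not stored with the execution
    valueExposed: true    # let script/command steps receive the value
    # Assumed path. It resolves through whichever Key Storage backend
    # serves it (built-in storage or a secrets plugin).
    storagePath: keys/project/demo/db/report-svc.password
  sequence:
    commands:
    - script: |
        # hypothetical script; reads the password from $RD_OPTION_DBPASS
        /opt/example/report.sh
```

Leaving `valueExposed` at its default of `false` keeps the value out of scripts and commands entirely and limits its use to node authentication, which is the tighter setting when the secret is only a login credential for the target node.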