Secrets Management in a Multi-Cloud Kubernetes Environment
Blomqvist, Markus (2021-05-05)
The publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
open
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2021051930689
Abstract
Secrets are anything that can be used to authorize or authenticate to, for example, cloud services, databases and APIs. An organization must protect them from ending up in the wrong hands. As an organization grows, protecting its business-critical secrets becomes increasingly important, which is why it must pay more and more attention to its secrets management.
Compromise of secrets is a threat that can be prevented with a variety of methods. Configuring all of these prevention methods manually is non-trivial. Secrets management platforms implement these methods, both improving security and automating tasks. The use cases of a secrets management platform can vary greatly between organizations depending on their requirements. Some organizations might want to fully automate the entire lifecycle of their secrets management and use the extensive features of a secrets management platform, whereas many others only need to store their existing credentials in a centralized and secure location.
A case study is performed on the secrets management of a company called Anders Innovations. Their adoption of a secrets management platform required further investigation, as their end goal was a fully cloud-agnostic service that can automate their secrets management. The research questions are formulated so that they can act as a reference for other organizations planning to adopt a secrets management platform. The first research question is about generalizing the cloud-agnosticism of secrets management. The second research question aims to clarify the automation of secrets management in automated build environments, which are used increasingly as organizations adopt new DevOps practices. The third research question is about combining access rights management with an organization's existing system.