SlideShare ist ein Scribd-Unternehmen logo
1 von 24
Downloaden Sie, um offline zu lesen
Shape Up
Skills Builder - September 4th, 2020
Confidential
Mastering Secrets Management
in Rundeck
September 23, 2021
Craig Hobbs
Sr. Solutions Consultant - Rundeck,
PagerDuty
Agenda
1 What is Secrets Management?
2 The Automation Workflow
3 DevOps Challenges and Problems
3 Rundeck Solutions for Key Storage
4 New Enterprise Secrets Plugins
5 Demo
Secrets management refers to all processes involved with provisioning, encrypting,
storing, retrieving, and revoking secrets.
Some of the most common types of secrets include:
● Privileged account credentials
● Passwords
● Certificates
● SSH keys
● API keys
● Encryption keys
What is Secrets Management?
A secret manager grants a central space to manage,
access, and audit secrets.
● Assures secrets resources available on different
platforms
● Can only be accessed by authorized and
authenticated users
● Replace hard coded credentials with an API call
The Secrets Manager
Mastering Secrets Management in Rundeck
More than ever, DevOps teams are integrating secrets
management directly into elements of their automation
workflows.
➔ Authenticate all access requests
➔ Automate management and apply consistent access policies
➔ Track all access and maintain a comprehensive audit
➔ Remove secrets from code, configuration files and other
unprotected areas.
Automating Secrets Management
● I have no visibility into who's using my secrets
● How do I control SSH key sprawl?
● What’s the latest password?
● How can I securely share secrets across my tools?
● Can we use MFA in our runbooks?
● My secrets are ephemeral, how do I use them
when their constantly changing?
Common Problems and Questions
Built-in Key Storage for Passwords and Secrets
Rundeck OSS includes a built-in key storage facility that securely stores
private keys, public keys, passwords, and other secrets for use in your
Rundeck jobs.
➔ Encrypted
➔ Access Control
➔ Flexible Credentials
➔ Secure
Rundeck Key Storage Features
Rundeck provides integrations with many popular vendors to enable a single tool for
your entire enterprise.
Rundeck Enterprise Secrets Plugins
● Decouple your secrets management from your DevOps automation
● Provision and revoke dynamically and automatically
● Access controlled authentication and authorization policies
● Cycle keys at regular intervals
Mastering Secrets Management in Rundeck
DEMO
Mastering Secrets Management in Rundeck
Mastering Secrets Management in Rundeck
Objectives
● Use both Thycotic Cloud and Rundeck Built-in Key Storage
● Define secrets in Job Options and Node Executions
● Manage and revoke keys and passwords
Rundeck Key Storage
Rundeck Makes the Secrets Management Lifecycle
Easy for your DevOps workflows
● Decouple your secret management from your DevOps environment
● Leverage multiple secret stores at the same time
● Use secrets in a transitory manner across your runbooks
Learn More:
https://docs.rundeck.com/docs/administration/security/storage-plugins.html
Request a Demo: https://www.rundeck.com/see-demo
APPENDIX
Secrest Manager
Rundeck jobs request secrets
at runtime
Platform Systems
Automated
Runbooks
Jobs use secret to
request access
Secret manager authenticates
and sends secret
Jobs securely
access resources
Securely Retrieve Secrets in Real-Time for Access to
Platform Systems and Tools
Job Execution Ends
Key Destroyed
Secrets Manager
Job Request Secrets at
Runtime
Platform Systems
Tools and Technologies
Enterprise Plugin Integration
Job uses secret to
request access
Job uses secret to
execute tools privs
With the increase in MFA use in organizations many are asking us "How do
you handle MFA with Rundeck?" The short answer is we don't and the
better way to manage passwords for service accounts typically used in
Automation is leverage a tool like Thycotic to cycle those passwords
frequently on the end systems and pick up the current value dynamically
using our Key Storage plugins.
MFA with Automation
Due to changes in infrastructure and software development processes, secrets are
proliferating widely. Here are a few ways enterprise transformations are affecting
secrets management at scale:
Why Security Matters
Rundeck Enterprise Secrets Providers

Weitere ähnliche Inhalte

Was ist angesagt?

Ansible Integration in Foreman
Ansible Integration in ForemanAnsible Integration in Foreman
Ansible Integration in ForemanNikhil Kathole
 
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...Mitchell Pronschinske
 
Hashicorp-Certified-Terraform-Associate-v3-edited.pptx
Hashicorp-Certified-Terraform-Associate-v3-edited.pptxHashicorp-Certified-Terraform-Associate-v3-edited.pptx
Hashicorp-Certified-Terraform-Associate-v3-edited.pptxssuser0d6c88
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetesrajdeep
 
Intelligent IoT Gateway on OpenWrt
Intelligent IoT Gateway on OpenWrtIntelligent IoT Gateway on OpenWrt
Intelligent IoT Gateway on OpenWrtTieto Corporation
 
Practical Operation Automation with StackStorm
Practical Operation Automation with StackStormPractical Operation Automation with StackStorm
Practical Operation Automation with StackStormShu Sugimoto
 
Azure Backup 設定手順書 2018
Azure Backup 設定手順書 2018Azure Backup 設定手順書 2018
Azure Backup 設定手順書 2018Emi Morishita
 
Continuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarContinuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarPascal Larocque
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski buildacloud
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDJulian Mazzitelli
 
The Best Storage Solution For CloudStack: LINSTOR
The Best Storage Solution For CloudStack: LINSTORThe Best Storage Solution For CloudStack: LINSTOR
The Best Storage Solution For CloudStack: LINSTORShapeBlue
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with ForemanJulien Pivotto
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101LorisPack Project
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...LINE Corporation
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stablejuet-y
 
Securing and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSecuring and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSaim Safder
 

Was ist angesagt? (20)

Ansible Integration in Foreman
Ansible Integration in ForemanAnsible Integration in Foreman
Ansible Integration in Foreman
 
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
Terraform 0.12 Deep Dive: HCL 2.0 for Infrastructure as Code, Remote Plan & A...
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
 
Hashicorp-Certified-Terraform-Associate-v3-edited.pptx
Hashicorp-Certified-Terraform-Associate-v3-edited.pptxHashicorp-Certified-Terraform-Associate-v3-edited.pptx
Hashicorp-Certified-Terraform-Associate-v3-edited.pptx
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Intelligent IoT Gateway on OpenWrt
Intelligent IoT Gateway on OpenWrtIntelligent IoT Gateway on OpenWrt
Intelligent IoT Gateway on OpenWrt
 
Practical Operation Automation with StackStorm
Practical Operation Automation with StackStormPractical Operation Automation with StackStorm
Practical Operation Automation with StackStorm
 
Azure Backup 設定手順書 2018
Azure Backup 設定手順書 2018Azure Backup 設定手順書 2018
Azure Backup 設定手順書 2018
 
Continuous integration using Jenkins and Sonar
Continuous integration using Jenkins and SonarContinuous integration using Jenkins and Sonar
Continuous integration using Jenkins and Sonar
 
Eap sim
Eap simEap sim
Eap sim
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd products
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
 
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CDA GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
A GitOps Kubernetes Native CICD Solution with Argo Events, Workflows, and CD
 
The Best Storage Solution For CloudStack: LINSTOR
The Best Storage Solution For CloudStack: LINSTORThe Best Storage Solution For CloudStack: LINSTOR
The Best Storage Solution For CloudStack: LINSTOR
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with Foreman
 
Docker networking Tutorial 101
Docker networking Tutorial 101Docker networking Tutorial 101
Docker networking Tutorial 101
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
 
SR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/StableSR-IOV+KVM on Debian/Stable
SR-IOV+KVM on Debian/Stable
 
Securing and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSecuring and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with Kyverno
 

Ähnlich wie Mastering Secrets Management in Rundeck

How to build a self-documenting application
How to build a self-documenting applicationHow to build a self-documenting application
How to build a self-documenting applicationconjur_inc
 
Building A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceBuilding A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceKevin Gilpin
 
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...Puppet
 
Is DevOps Braking Your Company?
Is DevOps Braking Your Company?Is DevOps Braking Your Company?
Is DevOps Braking Your Company?conjur_inc
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scaleAlex Schoof
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11clarendonint
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11Richard Conway
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET CoreNETUserGroupBern
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environmentTaswar Bhatti
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Mary Racter
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An IntroductionForgeRock
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source WayGordon Haff
 
Red Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and ComplianceRed Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and ComplianceMarc Boorshtein
 
Hashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & securityHashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & securitycontinohq
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjurconjur_inc
 
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Codit
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultTom Kerkhove
 
Attacking Drupal
Attacking DrupalAttacking Drupal
Attacking DrupalGreg Foss
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsLibbySchulze
 

Ähnlich wie Mastering Secrets Management in Rundeck (20)

How to build a self-documenting application
How to build a self-documenting applicationHow to build a self-documenting application
How to build a self-documenting application
 
Building A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and ComplianceBuilding A Self-Documenting Application: A Study in Chef and Compliance
Building A Self-Documenting Application: A Study in Chef and Compliance
 
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
 
Is DevOps Braking Your Company?
Is DevOps Braking Your Company?Is DevOps Braking Your Company?
Is DevOps Braking Your Company?
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
 
Service Management Dec 11
Service Management Dec 11Service Management Dec 11
Service Management Dec 11
 
Service management Dec 11
Service management Dec 11Service management Dec 11
Service management Dec 11
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
 
OpenAM - An Introduction
OpenAM - An IntroductionOpenAM - An Introduction
OpenAM - An Introduction
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
 
DevSecOps: The Open Source Way
DevSecOps: The Open Source WayDevSecOps: The Open Source Way
DevSecOps: The Open Source Way
 
Red Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and ComplianceRed Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and Compliance
 
Hashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & securityHashicorp Tooling: Value, efficiency & security
Hashicorp Tooling: Value, efficiency & security
 
Q Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - ConjurQ Con New York 2015 Presentation - Conjur
Q Con New York 2015 Presentation - Conjur
 
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
 
Attacking Drupal
Attacking DrupalAttacking Drupal
Attacking Drupal
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environments
 

Mehr von Rundeck

Rundeck Community Office Hours: Using Variables with Job Steps
Rundeck Community Office Hours:  Using Variables with Job Steps Rundeck Community Office Hours:  Using Variables with Job Steps
Rundeck Community Office Hours: Using Variables with Job Steps Rundeck
 
Introducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationIntroducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationRundeck
 
How to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckHow to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckRundeck
 
Lunch and learn: Getting started with Rundeck & Ansible
Lunch and learn:  Getting started with Rundeck & AnsibleLunch and learn:  Getting started with Rundeck & Ansible
Lunch and learn: Getting started with Rundeck & AnsibleRundeck
 
Self Service Cloud Operations: Safely Delegate the Management of your Cloud ...
Self Service Cloud Operations:  Safely Delegate the Management of your Cloud ...Self Service Cloud Operations:  Safely Delegate the Management of your Cloud ...
Self Service Cloud Operations: Safely Delegate the Management of your Cloud ...Rundeck
 
Rundeck Office Hours: Best Practices Access Control Policies
Rundeck Office Hours:  Best Practices Access Control PoliciesRundeck Office Hours:  Best Practices Access Control Policies
Rundeck Office Hours: Best Practices Access Control PoliciesRundeck
 
What's New in Rundeck 3.4
What's New in Rundeck 3.4   What's New in Rundeck 3.4
What's New in Rundeck 3.4 Rundeck
 
Automate Yourself Out of a Job: Safely Delegate the Management of your Azure...
Automate Yourself Out of a Job:  Safely Delegate the Management of your Azure...Automate Yourself Out of a Job:  Safely Delegate the Management of your Azure...
Automate Yourself Out of a Job: Safely Delegate the Management of your Azure...Rundeck
 
Super-Charge Your Site Reliability Practices with Runbook Automation
Super-Charge Your Site Reliability Practices with Runbook Automation Super-Charge Your Site Reliability Practices with Runbook Automation
Super-Charge Your Site Reliability Practices with Runbook Automation Rundeck
 
Introduction to Rundeck
Introduction to Rundeck Introduction to Rundeck
Introduction to Rundeck Rundeck
 
Automated Remediation with Rundeck + Sensu
Automated Remediation with Rundeck + SensuAutomated Remediation with Rundeck + Sensu
Automated Remediation with Rundeck + SensuRundeck
 
Modernizing Incident Response
Modernizing Incident Response Modernizing Incident Response
Modernizing Incident Response Rundeck
 
Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]
Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]
Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]Rundeck
 
Datadog + Rundeck at DASH 2020
Datadog + Rundeck at DASH 2020Datadog + Rundeck at DASH 2020
Datadog + Rundeck at DASH 2020Rundeck
 
Empower Devs, Simplify Ops, and Accelerate your Digital Transformation
Empower Devs, Simplify Ops, and Accelerate your Digital TransformationEmpower Devs, Simplify Ops, and Accelerate your Digital Transformation
Empower Devs, Simplify Ops, and Accelerate your Digital TransformationRundeck
 
Advanced Cluster Settings
Advanced Cluster Settings Advanced Cluster Settings
Advanced Cluster Settings Rundeck
 
Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Rundeck
 
Business Continuity for Humans: Keeping Your Business Running When Your Peopl...
Business Continuity for Humans: Keeping Your Business Running When Your Peopl...Business Continuity for Humans: Keeping Your Business Running When Your Peopl...
Business Continuity for Humans: Keeping Your Business Running When Your Peopl...Rundeck
 
PagerDuty + Rundeck = Shorter Incidents, Fewer Escalations
PagerDuty + Rundeck = Shorter Incidents, Fewer EscalationsPagerDuty + Rundeck = Shorter Incidents, Fewer Escalations
PagerDuty + Rundeck = Shorter Incidents, Fewer EscalationsRundeck
 
You Build It, But How Are You Going to Run It?
You Build It, But How Are You Going to Run It? You Build It, But How Are You Going to Run It?
You Build It, But How Are You Going to Run It? Rundeck
 

Mehr von Rundeck (20)

Rundeck Community Office Hours: Using Variables with Job Steps
Rundeck Community Office Hours:  Using Variables with Job Steps Rundeck Community Office Hours:  Using Variables with Job Steps
Rundeck Community Office Hours: Using Variables with Job Steps
 
Introducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationIntroducing PagerDuty Process Automation
Introducing PagerDuty Process Automation
 
How to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckHow to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in Rundeck
 
Lunch and learn: Getting started with Rundeck & Ansible
Lunch and learn:  Getting started with Rundeck & AnsibleLunch and learn:  Getting started with Rundeck & Ansible
Lunch and learn: Getting started with Rundeck & Ansible
 
Self Service Cloud Operations: Safely Delegate the Management of your Cloud ...
Self Service Cloud Operations:  Safely Delegate the Management of your Cloud ...Self Service Cloud Operations:  Safely Delegate the Management of your Cloud ...
Self Service Cloud Operations: Safely Delegate the Management of your Cloud ...
 
Rundeck Office Hours: Best Practices Access Control Policies
Rundeck Office Hours:  Best Practices Access Control PoliciesRundeck Office Hours:  Best Practices Access Control Policies
Rundeck Office Hours: Best Practices Access Control Policies
 
What's New in Rundeck 3.4
What's New in Rundeck 3.4   What's New in Rundeck 3.4
What's New in Rundeck 3.4
 
Automate Yourself Out of a Job: Safely Delegate the Management of your Azure...
Automate Yourself Out of a Job:  Safely Delegate the Management of your Azure...Automate Yourself Out of a Job:  Safely Delegate the Management of your Azure...
Automate Yourself Out of a Job: Safely Delegate the Management of your Azure...
 
Super-Charge Your Site Reliability Practices with Runbook Automation
Super-Charge Your Site Reliability Practices with Runbook Automation Super-Charge Your Site Reliability Practices with Runbook Automation
Super-Charge Your Site Reliability Practices with Runbook Automation
 
Introduction to Rundeck
Introduction to Rundeck Introduction to Rundeck
Introduction to Rundeck
 
Automated Remediation with Rundeck + Sensu
Automated Remediation with Rundeck + SensuAutomated Remediation with Rundeck + Sensu
Automated Remediation with Rundeck + Sensu
 
Modernizing Incident Response
Modernizing Incident Response Modernizing Incident Response
Modernizing Incident Response
 
Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]
Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]
Runbook Automation: Old News or a Key to Unlock Performance? [DOES2020]
 
Datadog + Rundeck at DASH 2020
Datadog + Rundeck at DASH 2020Datadog + Rundeck at DASH 2020
Datadog + Rundeck at DASH 2020
 
Empower Devs, Simplify Ops, and Accelerate your Digital Transformation
Empower Devs, Simplify Ops, and Accelerate your Digital TransformationEmpower Devs, Simplify Ops, and Accelerate your Digital Transformation
Empower Devs, Simplify Ops, and Accelerate your Digital Transformation
 
Advanced Cluster Settings
Advanced Cluster Settings Advanced Cluster Settings
Advanced Cluster Settings
 
Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration Maximizing Your Rundeck Migration
Maximizing Your Rundeck Migration
 
Business Continuity for Humans: Keeping Your Business Running When Your Peopl...
Business Continuity for Humans: Keeping Your Business Running When Your Peopl...Business Continuity for Humans: Keeping Your Business Running When Your Peopl...
Business Continuity for Humans: Keeping Your Business Running When Your Peopl...
 
PagerDuty + Rundeck = Shorter Incidents, Fewer Escalations
PagerDuty + Rundeck = Shorter Incidents, Fewer EscalationsPagerDuty + Rundeck = Shorter Incidents, Fewer Escalations
PagerDuty + Rundeck = Shorter Incidents, Fewer Escalations
 
You Build It, But How Are You Going to Run It?
You Build It, But How Are You Going to Run It? You Build It, But How Are You Going to Run It?
You Build It, But How Are You Going to Run It?
 

Kürzlich hochgeladen

Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 

Kürzlich hochgeladen (20)

Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 

Mastering Secrets Management in Rundeck

  • 1. Shape Up Skills Builder - September 4th, 2020 Confidential Mastering Secrets Management in Rundeck September 23, 2021
  • 2. Craig Hobbs Sr. Solutions Consultant - Rundeck, PagerDuty
  • 3. Agenda 1 What is Secrets Management? 2 The Automation Workflow 3 DevOps Challenges and Problems 3 Rundeck Solutions for Key Storage 4 New Enterprise Secrets Plugins 5 Demo
  • 4. Secrets management refers to all processes involved with provisioning, encrypting, storing, retrieving, and revoking secrets. Some of the most common types of secrets include: ● Privileged account credentials ● Passwords ● Certificates ● SSH keys ● API keys ● Encryption keys What is Secrets Management?
  • 5. A secret manager grants a central space to manage, access, and audit secrets. ● Assures secrets resources available on different platforms ● Can only be accessed by authorized and authenticated users ● Replace hard coded credentials with an API call The Secrets Manager
  • 7. More than ever, DevOps teams are integrating secrets management directly into elements of their automation workflows. ➔ Authenticate all access requests ➔ Automate management and apply consistent access policies ➔ Track all access and maintain a comprehensive audit ➔ Remove secrets from code, configuration files and other unprotected areas. Automating Secrets Management
  • 8. ● I have no visibility into who's using my secrets ● How do I control SSH key sprawl? ● What’s the latest password? ● How can I securely share secrets across my tools? ● Can we use MFA in our runbooks? ● My secrets are ephemeral, how do I use them when their constantly changing? Common Problems and Questions
  • 9. Built-in Key Storage for Passwords and Secrets Rundeck OSS includes a built-in key storage facility that securely stores private keys, public keys, passwords, and other secrets for use in your Rundeck jobs.
  • 10. ➔ Encrypted ➔ Access Control ➔ Flexible Credentials ➔ Secure Rundeck Key Storage Features
  • 11. Rundeck provides integrations with many popular vendors to enable a single tool for your entire enterprise. Rundeck Enterprise Secrets Plugins ● Decouple your secrets management from your DevOps automation ● Provision and revoke dynamically and automatically ● Access controlled authentication and authorization policies ● Cycle keys at regular intervals
  • 13. DEMO
  • 16. Objectives ● Use both Thycotic Cloud and Rundeck Built-in Key Storage ● Define secrets in Job Options and Node Executions ● Manage and revoke keys and passwords Rundeck Key Storage
  • 17. Rundeck Makes the Secrets Management Lifecycle Easy for your DevOps workflows ● Decouple your secret management from your DevOps environment ● Leverage multiple secret stores at the same time ● Use secrets in a transitory manner across your runbooks
  • 20. Secrest Manager Rundeck jobs request secrets at runtime Platform Systems Automated Runbooks Jobs use secret to request access Secret manager authenticates and sends secret Jobs securely access resources Securely Retrieve Secrets in Real-Time for Access to Platform Systems and Tools Job Execution Ends Key Destroyed
  • 21. Secrets Manager Job Request Secrets at Runtime Platform Systems Tools and Technologies Enterprise Plugin Integration Job uses secret to request access Job uses secret to execute tools privs
  • 22. With the increase in MFA use in organizations many are asking us "How do you handle MFA with Rundeck?" The short answer is we don't and the better way to manage passwords for service accounts typically used in Automation is leverage a tool like Thycotic to cycle those passwords frequently on the end systems and pick up the current value dynamically using our Key Storage plugins. MFA with Automation
  • 23. Due to changes in infrastructure and software development processes, secrets are proliferating widely. Here are a few ways enterprise transformations are affecting secrets management at scale: Why Security Matters