1. The document discusses secrets management in automation workflows and how Rundeck solutions can help with key storage and integration with secrets providers.
2. It describes how Rundeck provides built-in key storage and plugins that allow integration with popular secrets managers to securely provision, access, and revoke secrets in automation jobs and workflows.
3. The presentation includes a demo of configuring secrets in Rundeck jobs using both the built-in key storage and an integration with Thycotic secrets manager.
3. Agenda
1 What is Secrets Management?
2 The Automation Workflow
3 DevOps Challenges and Problems
3 Rundeck Solutions for Key Storage
4 New Enterprise Secrets Plugins
5 Demo
4. Secrets management refers to all processes involved with provisioning, encrypting,
storing, retrieving, and revoking secrets.
Some of the most common types of secrets include:
● Privileged account credentials
● Passwords
● Certificates
● SSH keys
● API keys
● Encryption keys
What is Secrets Management?
5. A secrets manager provides a central place to manage,
access, and audit secrets.
● Ensures secret resources are available on different
platforms
● Can only be accessed by authorized and
authenticated users
● Replaces hard-coded credentials with an API call
The Secrets Manager
7. More than ever, DevOps teams are integrating secrets
management directly into elements of their automation
workflows.
➔ Authenticate all access requests
➔ Automate management and apply consistent access policies
➔ Track all access and maintain a comprehensive audit
➔ Remove secrets from code, configuration files and other
unprotected areas.
Automating Secrets Management
8. ● I have no visibility into who's using my secrets
● How do I control SSH key sprawl?
● What’s the latest password?
● How can I securely share secrets across my tools?
● Can we use MFA in our runbooks?
● My secrets are ephemeral, how do I use them
when they're constantly changing?
Common Problems and Questions
9. Built-in Key Storage for Passwords and Secrets
Rundeck OSS includes a built-in key storage facility that securely stores
private keys, public keys, passwords, and other secrets for use in your
Rundeck jobs.
10. ➔ Encrypted
➔ Access Control
➔ Flexible Credentials
➔ Secure
Rundeck Key Storage Features
11. Rundeck provides integrations with many popular vendors to enable a single tool for
your entire enterprise.
Rundeck Enterprise Secrets Plugins
● Decouple your secrets management from your DevOps automation
● Provision and revoke dynamically and automatically
● Access controlled authentication and authorization policies
● Cycle keys at regular intervals
16. Objectives
● Use both Thycotic Cloud and Rundeck Built-in Key Storage
● Define secrets in Job Options and Node Executions
● Manage and revoke keys and passwords
Rundeck Key Storage
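A lint check for the "remove secrets from configuration files" and "define secrets in Job Options" points above, added here as an illustration; it is not code from the deck or from Rundeck. It assumes jobs are exported in Rundeck's XML job format, where an option carries value, secure and storagePath attributes; the sample export, the option names and the name-matching heuristic are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample export (not from the deck): one option with a hard-coded
# default, one secure option with no backing key, one backed by Key Storage,
# and one ordinary non-secret option.
SAMPLE_JOBS = """<joblist>
  <job>
    <name>deploy-app</name>
    <context>
      <options>
        <option name="db_password" value="EXAMPLE-not-a-real-password"/>
        <option name="api_token" secure="true" valueExposed="true"/>
        <option name="ssh_passphrase" secure="true"
                storagePath="keys/project/demo/ssh/passphrase"/>
        <option name="release" value="1.4.2"/>
      </options>
    </context>
  </job>
</joblist>"""

# Heuristic (an assumption of this example): option names that suggest a secret.
SECRET_NAME = re.compile(r"pass|secret|token|key|credential", re.I)

def lint_job_options(xml_text):
    """Return (job, option, problem) tuples for secret-looking options
    that are not resolved from Key Storage at runtime."""
    findings = []
    for job in ET.fromstring(xml_text).iter("job"):
        job_name = job.findtext("name", default="?")
        for opt in job.iter("option"):
            name = opt.get("name", "")
            if not SECRET_NAME.search(name):
                continue
            if opt.get("value"):
                # The secret lives in the job definition itself.
                findings.append((job_name, name, "hard-coded default value"))
            if opt.get("secure") != "true":
                findings.append((job_name, name, "not marked secure"))
            elif not opt.get("storagePath", "").startswith("keys/"):
                # Policy choice of this example: secure options must name a key.
                findings.append((job_name, name, "not backed by Key Storage"))
    return findings

if __name__ == "__main__":
    for job, option, problem in lint_job_options(SAMPLE_JOBS):
        print(f"{job}: option '{option}': {problem}")
```

Run against exported job definitions in CI, a check like this catches a credential before it is committed alongside the job.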
17. Rundeck Makes the Secrets Management Lifecycle
Easy for your DevOps workflows
● Decouple your secret management from your DevOps environment
● Leverage multiple secret stores at the same time
● Use secrets in a transitory manner across your runbooks
20. Secrets Manager
Rundeck jobs request secrets at runtime
Platform Systems
Automated Runbooks
Jobs use secret to request access
Secret manager authenticates and sends secret
Jobs securely access resources
Securely Retrieve Secrets in Real-Time for Access to
Platform Systems and Tools
Job Execution Ends
Key Destroyed
21. Secrets Manager
Job requests secrets at runtime
Platform Systems
Tools and Technologies
Enterprise Plugin Integration
Job uses secret to request access
Job uses secret to execute tools privs
22. With the increase in MFA use in organizations, many are asking us, "How do
you handle MFA with Rundeck?" The short answer is we don't. The
better way to manage passwords for service accounts typically used in
automation is to leverage a tool like Thycotic to cycle those passwords
frequently on the end systems and pick up the current value dynamically
using our Key Storage plugins.
MFA with Automation
23. Due to changes in infrastructure and software development processes, secrets are
proliferating widely. Here are a few ways enterprise transformations are affecting
secrets management at scale:
Why Security Matters