Honeypots and Honeytokens: Trapping Attackers With Source Code Lures
Many developers were left wondering which secrets were compromised and what code needed to be updated after attackers breached CircleCI…
Author: John Walsh
- About John Walsh
- John Walsh has served the realm as a lord security developer, product manager and open source community manager for more than 15 years, working on cybersecurity products such as Conjur, LDAP, Firewall, JAVA Cyptography, SSH, and PrivX. He has a wife, two kids, and a small patch of land in the greater Boston area, which makes him ineligible to take the black and join the Knight’s Watch, but he’s still an experienced cybersecurity professional and developer.
Posts by John Walsh
ChatGPT Is Here: How to Use AI to Write Code and Best Practices for Security
The bots are here…and they can code! AI tools like ChatGPT from OpenAI have burst onto the market and have…
KubeCon 2023: Identity + Security = A Whole New World
Sold. Out. For the first time ever, KubeCon Europe 2023 was sold out (in a venue that can hold about…
The Sword in the Darkness, the Watcher on the Wall
If you are reading this, you probably got sucked into watching Game of Thrones when it first aired on HBO…
Secure CI/CD Pipelines: Best Practices for Managing CI/CD Secrets
For DevSecOps, there’s always a balancing act between the fast pace of development velocity and security. Developers want to move…
Kubernetes Security: Best Practices for Kubernetes Secrets Management
Kubernetes has come a long way since its inception. But as the adoption of containerization has grown, Kubernetes security continues…
Security Automation with Red Hat Ansible Tower Introduction
No matter their occupation, nobody likes to do the same set of tasks repetitively — especially when automation is an…
Setting up Conjur on OpenShift
Red Hat OpenShift is a Kubernetes-based platform for container orchestration. OpenShift differentiates itself from Kubernetes through features such as tight…
New Red Hat OpenShift Secrets Management Operator for The Conjur (Follower)
Red Hat OpenShift is one of the most popular and powerful enterprise container orchestration platforms. All container orchestration solutions let…
Low-Code Secrets Management For Beginners
In recent years, there is a trend toward so-called low-code and no-code platforms. While no-code platforms often appeal to businesses…
Why Machine Identity is as Important as User Identity to Infrastructure Security
Cloud-native applications use resources available to them online, on a public cloud platform, or hosted on-premises. IT teams apply policies…
Three Steps to Avoiding the Secret Zero Trap
Most secrets management solutions rely on a master key or “secret zero” that can unlock other credentials. The problem is…
Keeping Secrets Secure on Kubernetes
Handling secrets in cloud-native environments is a challenge for many organizations. Virtually any application requires some sort of secret, such…
Why You Need Secrets Management in Your Jenkins Pipeline
Jenkins is a versatile platform for implementing continuous integration and continuous delivery (CI/CD) processes to develop applications. Using plugins, Jenkins…
Kubernetes secrets management: Build secure apps faster without secrets
Kubernetes is a popular choice for microservices because it provides scalable, portable, efficient deployment and reduces most DevOps overhead. Generally,…
CIAM vs IAM: What is the Difference
While you are probably using IAM and CIAM at work and home, you might not know what they are or…
DevOps Security: Cloud Secrets Management, from Multi-Cloud to Cloud Agnostic Environments
Organizations are migrating and deploying new workloads in cloud environments much more rapidly than ever, instead of expanding traditional on-premises…
Learning Secrets Management With Hands-on Interactive Tutorials
Learning is fun, and the best way to learn is through hands-on exercises. That’s why Conjur provides some tutorials to…
Essentials to Securing Kubernetes Secrets with Secrets Management
Secret management is essential for ensuring an organization’s cybersecurity. In this era, when users share valuable information with service providers,…
Securing OpenShift Secrets
Almost every application needs to deal with secrets in one way or another, to authenticate with a backend database or…
Secret Zero: Eliminating the Ultimate Secret
Centralized secrets management addresses important DevOps security attack vectors such as secret sprawl and security islands, but it could help introduce…
Container Security: Best Practices for Secrets Management in Containerized Environments
Container security becomes even more important as container adoption increases the attack surface for nefarious hackers seeking to exploit insecure…
Application Security: Best Practices for Secrets Management to Protect Applications
Application Security Overview Good application security (AppSec) prevents unauthorized access and modifications to apps by controlling access to sensitive information…
Leverage Secrets Management for Effective On-Call Support
In many ways, on-call duty and secrets management might seem to occupy pretty different parts of the IT universe. When…
CNCF: Supporting a Strong, Secure OSS Cloud Native Ecosystem
For many organizations, open source software (OSS) has become a must-have tool in their digital transformation toolboxes—what’s more, it’s fundamentally transforming the way software is…
Secrets Management Overview For Developers & DevOps
Secrets management is a critical problem for developers, especially for teams adopting DevOps practices. Until recently, it was the IT…
New & Improved Conjur Open Source Community
I would like to take a moment to talk about the exciting work our team has done to improve the…
Slack vs Discourse: Choosing the Right Community Platform
As online communities grow globally, community platforms like Slack and Discourse play a critical role in managing and improving the…
KubeCon + CloudNativeCon San Diego Wrap up
We are thankful to have been a part of the four Kubernetes community filled days – five, including the day…
Four Ways to Keep Kubernetes’ Secrets Secret
We have talked a lot about the speed at which DevOps innovation has moved and how security has consistently struggled…
Let’s Open up the Discussion
You are reading this on Conjur.org because you love DevOps, open source, Conjur, or maybe it’s the sound of my…
Getting off The Jenkins Island
CyberArk was happy to be a part of Jenkins World, aka DevOps World, which took place this year in San…
Conjur Open Source is Going Secretless
The Application Developer Access Dilemma As application developers, we need secure access to resources – such as databases, SSH servers,…
KubeCon 2019: The Conference for the Sagrada Familia of Software
Introduction KubeCon is the premiere conference for the Kubernetes and cloud-native communities. Every year it is held jointly with CloudNativeCon,…
Open Source Software isn’t Really Free, but it’s the Future of Business
Before the dotcom bubble bust in the early 2000’s, “irrational exuberance” drove stock valuations for internet companies that offered free…
Conjur Open Source Now Natively Integrates with Terraform
This integration allows Terraform users to leverage Conjur’s advanced non-human access control capabilities such as robust secrets management, tamper resistant…
Introducing KubiScan
Kubernetes permissions are built with role-based access controls (RBAC), which open up potential risks and need to be carefully controlled. …
CyberArk CNCF KubeCon 2018 Wrap up
I was really excited to attend the Cloud Native Computing Foundation’s (CNCF) KubeCon + CloudNativeCon Kubernetes conference in Seattle. I…
Introducing the Secretless Broker Open Source Beta
CyberArk is incredibly pleased to announce the beta release of a new open source project, Secretless Broker. Secretless Broker makes…
“One-Click” K8s Authentication & Secrets Management on GCP
CyberArk Conjur Open Source is now available as a Kubernetes application in the Google Cloud Platform (GCP) Marketplace. The new…
Don’t Get Pwned by Secret Zero
The Secret Zero Problem I have talked to a number of security conscious professionals across a wide range of…
Cloud Foundry Integration Available in GitHub
We are excited to announce the release of a new integration between Conjur and Cloud Foundry (CF). Cloud Foundry users…
DevSecOps is an Abomination!
Dr. Frankenstein’s monster is one of the most hated and misunderstood monsters of all time. Frankenstein brought his creation…