CyberArk was happy to be a part of Jenkins World, aka DevOps World, which took place this year in San Francisco a few weeks ago. No surprise that the event was well attended, as for many of us, Jenkins is an essential tool when talking about building and securing DevOps and automated applications within CI/CD pipelines. And of course, Jenkins requires a lot of secrets to leverage other tools and resources to automatically build and test your applications.
The buzz during the conference was around CloudBees’ acquisition of Electric Cloud earlier in the year as attendees tried to determine exactly what the acquisition will mean for CloudBees as the biggest contributor to the Jenkins open source project. CloudBees CPO Christina Noren shed some light on why this marriage makes so much sense, and it has to do with addressing the increasing trend in the industry toward fragmentation or “islands of information” when building DevOps applications. According to Noren, merging Electric Cloud with CloudBees is intended to help unite the development process from left to right and break down some of the silos that have formed.
This is a sound strategy on the part of CloudBees: breaking down silos and eliminating islands of information leads to better and more efficient results, key principles of DevOps. As a security company, CyberArk continues to work to provide solutions which eliminate islands of security. While Jenkins and other tools like Docker, OpenShift, Kubernetes, Ansible, Puppet, and Chef all have some security features built in for protecting secrets, they don’t facilitate interoperability and securely sharing secrets across tools, clouds and platforms, which creates security islands.
A security island is:
A tool or platform that comes with some level of its own security components built in to provide some ability to manage secrets, access control, audit, compliance and the equivalent, but which does not facilitate interoperability with other tools or aggregation of security policies, management and audit data. Also, the various tools have varying levels of security capabilities and maturity.
Conjur Open Source helps eliminate islands of security by providing an interface for consistently and securely authenticating, controlling and auditing non-human access across tool stacks, platforms and cloud environments via robust secrets management capabilities. Conjur helps organizations secure secrets such as passwords, SSH keys, certificates and API keys, and implement management best practices including strong authentication, least privilege, role-based access control (RBAC), credential rotation, management and audit.
Conjur’s Jenkins plugin makes integration easy by seamlessly providing secrets to Jenkins jobs at runtime. The plugin retrieves the credentials from the central Conjur service, which enhances the ability of the organization to secure and manage its secrets. Take a look at this detailed tutorial to see how you can start using the Conjur Jenkins plugin today.
We Keep Secrets
Eliminating islands of security and keeping your secrets secure is what Conjur is designed to do. If you don’t believe us, listen to the butler:
Just to explain in case you didn’t make it to Jenkins World, a live version of the Jenkins butler stopped by the CyberArk booth to show us how he faked his credentials by replacing just the name on his badge with “Jenkins”, highlighting, of course, the need for authentication and identity management. As you can see in the video, he stopped by again to say a few words about Conjur on his way to the Jenkins World superhero party, where almost everyone was in a superhero costume. A fun time for sure, with some serious discussions on secrets management and securing Jenkins and the CI/CD pipeline.
Next Steps
If you are new to Conjur Open Source, check out the streamlined getting started experience. If you are already a Conjur wizard and want to try the Conjur Jenkins plugin, check out this detailed tutorial. If you get stuck or want to chat, join our CyberArk Commons community. Be sure to join our monthly newsletter to stay up to date on Conjur blogs and news!
John Walsh has served the realm as a lord security developer, product manager and open source community manager for more than 15 years, working on cybersecurity products such as Conjur, LDAP, Firewall, JAVA Cryptography, SSH, and PrivX. He has a wife, two kids, and a small patch of land in the greater Boston area, which makes him ineligible to take the black and join the Knight’s Watch, but he’s still an experienced cybersecurity professional and developer.