Accelerate DevOps by Offering a Certificate Service for CI/CD Pipelines

DevOps, SSL, TLS certificates
May 14, 2019 | Sandra Chrust

Application development teams need to move fast. Yet they often need to reinvent the wheel when it comes to machine identities such as SSL/TLS certificates. They frequently create their own security infrastructure, using a combination of OpenSSL, secrets management tools, DevOps platforms and scripts. Then, as environments and tools change, apps are migrated and regulatory frameworks change, those same developers need to spend time re-coding applications, updating scripts or learning new certificate authority APIs.

Why do developers reinvent the wheel?

Developers prefer to stay within their existing toolchain and often view Information Security as a barrier rather than an enabler. Often, security processes for SSL/TLS certificates are antiquated and require manual steps, such as submitting a ticket, that are incompatible with dynamic, ephemeral DevOps environments. As a result, developers take on the burden of creating their own security infrastructure, even though they are not PKI experts. This diverts resources away from their core responsibilities, ultimately slowing them down.

What are the challenges with the status quo?

DevOps teams pay the price because ad-hoc security infrastructure introduces heterogeneity across environments, applications, and teams. This introduces a maintenance burden, inadvertently creates vendor lock-in and increases the risk of certificate-related outages. In addition, these unstructured approaches significantly increase the security and operational risks that result from certificates that are improperly issued, configured and managed.

And, without visibility and control over the certificates used in DevOps environments, security teams cannot enforce policy or respond to compliance and audit checks. Security teams are also unable to respond to crypto-events such as CA compromises, breaches, or other wholesale PKI changes (e.g. migrating from SHA-1 to SHA-2), so this burden falls back on application development teams, disrupting their value stream.

How should security approach these challenges?

Because the application development lifecycle is moving at a faster pace than ever, security teams that used to rely on periodic or manual processes have to get involved much earlier in the lifecycle, finding and fixing issues in partnership with the application development teams before they ever make their way into production.

To adapt to a faster pace of development, both application development and security teams must invest in automation; manual processes cannot keep up with that speed. Security teams need to look at what tools developers are using and how to embed security into their automation to 1) relieve the burden on DevOps so they can move faster and 2) improve security posture.

How can security speed up DevOps?

Security teams have to push machine identity processes left into the pre-production phase, hooking directly into the CI/CD pipeline or automated configuration management tools to embed trusted machine identities across the entire application development lifecycle. By delivering a standardized set of consumable services for autonomous application development teams, security relieves DevOps of the burden of creating their own security infrastructure and makes it easy for them to comply with corporate machine identity policies, so they can ultimately move faster and more securely.

How can my organization set up a certificate service?

Attend the May 30th webinar hosted by, “Use the Same Certificate Process Across Your DevOps Toolchain” to learn more about the best practices and solutions that allow organizations to scale digital certificate provisioning for DevOps environments. Helen Beal, DevOpsologist at Ranger 4, and Sandra Chrust, Senior Manager over DevOps and Cloud Solutions at Venafi, will discuss the challenges, best practices, and available solutions in a lively format.


About the author

Sandra Chrust

Sandra Chrust writes for Venafi's blog and is an expert in machine identity protection.
