
Akeyless Take Secrets Management to the Next Level with Venafi

June 23, 2021 | Bridget Hildebrand

It’s secrets chaos! There are passwords, credentials, SSH keys, AES encryption keys, code signing keys, critical credentials, and many other types of machine identities. As cloud adoption picks up speed, we've seen a marked increase in the number of those secrets in the last few years. With so many more components in our environments to communicate with, there are more and more credentials to manage and protect. Add automation to that equation and you have machines that need to operate other machines. Everything needs to communicate with everything, and authentication becomes even more critical.

Enter Akeyless to control the storm of secrets.

Akeyless has built a unified vault platform to secure DevOps credentials and access to production resources across hybrid cloud and legacy environments. With sponsorship from the Machine Identity Management Development Fund, they’ve added Venafi’s expert automation capabilities into the Akeyless SaaS secrets management platform. In this regular interview series, I recently spoke with Oded Hareven, Co-Founder and CEO of Akeyless, about their involvement in the Development Fund.

Bridget: First, Oded, please tell us all about Akeyless.

Oded: Akeyless is a single platform for secrets management and workload identities. It’s basically an all-in-one shop for secrets, such as credentials, certificates and keys, which provides three pillars on top of one platform. The first pillar is classic secrets management: to manage, inject and provision secrets for the DevOps environment. Pillar number two, Zero Trust Privileged Access, enables human-to-machine remote access by injecting short-lived secrets into the remote session while ensuring audit and compliance via recording and auditability. The first two offerings were designed to provide our customers with a just-in-time access, least privilege approach to support a vision of zero-standing privileges. The third pillar is all in the realm of data protection, where we manage encryption keys and provision them either to an external cloud KMS or provide encryption as a service and signing as a service on top of our virtual HSM technology.


Bridget: Describe the machine identity management challenge your customers face that led you to partnering with Venafi.

Oded: Well, simply put, our customers need to manage workload and machine identities, represented by credentials, certificates, and keys in various scenarios. A good example would be to provide SQL credentials to a Kubernetes container, or perhaps providing short-lived certificates to enable an SSH session initiated by a privileged engineer.

Although Akeyless can function as an internal CA, there are cases where our customers require us to issue certificates from an external, existing CA (private or public). They also need to monitor and manage those certificates in Venafi, and they would like to do so within their known and easy-to-use Akeyless interfaces, SDKs, plugins, Infra-as-code providers etc.

To fulfill those customer requirements, it was clear that we should work closely with Venafi to satisfy their needs.


Bridget: Fast but secure or “fastsecure” was a big theme at the Venafi Global Summit last month. How would you describe the “fastsecure” results this integration brings to DevOps and InfoSec?

Oded: Well, I think that it's all around seamless and frictionless work. DevOps teams are used to working with DevOps-oriented tools like Akeyless. Akeyless provides the interfaces for DevOps teams, and they're used to using those interfaces to unify their entire workload identities—credentials, API keys, SSH keys, etc. For them, it's typical that they don’t interface directly with the internal Venafi machine identity management team that often works mostly on-prem. By nature, DevOps teams are very cloud thinking, both public cloud as well as the private one. They do not necessarily wish to interact with the traditional on-prem environments. So, for these developers, it is now becoming frictionless and seamless to just ask Akeyless to "bring me that certificate" where they actually mean “I need a certificate issued by the internal existing CA or specific public CA”.

Now Akeyless can automatically report and monitor and even issue the certificate via Venafi in a way that is completely transparent to the DevOps engineer. It's the efficiency of the process. It's the seamless combination of those two solutions working together to streamline operations. If it wasn't like this, then the DevOps engineer would still need to communicate with the security teams and ask "Hey, what about that certificate?" In that case, they would jeopardize the benefits of automation, or they would have to use some kind of other tools that they might not be familiar with. Of course, it’s possible for DevOps to do this, but for them, it is convenient to have all the secrets management needs from Akeyless Vault Platform.

Want to see how Akeyless and Venafi work together?

The Venafi integration with the Akeyless Vault Platform is now available! Visit Akeyless on the Venafi Marketplace for more information. And stay tuned for future interviews with Machine Identity Management Development Fund recipients.

This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.


About the author

Bridget Hildebrand

Bridget is Sr. Manager, Ecosystem Marketing at Venafi. She has over 20 years of experience managing technology partnerships and global channel programs for a broad range of technology organizations.
