
Integrate Automated Certificate Provisioning with Your DevOps Platform

Secure DevOps
September 13, 2016 | Allen Marin

Security is essential in DevOps environments, as we laid out in a recent Venafi post describing the benefits of ensuring security for DevOps, specifically with keys and certificates. I won’t repeat that here, but I’d like to follow up on that blog with some guidance on how you might go about implementing security in a way that ensures its success. Then, I’d like to share some examples of how our customers are automating the provisioning of encryption keys and certificates as part of their DevOps environments.

DevOps speeds application delivery

With its laudable objective of reducing time to market while maintaining application quality and reliability, DevOps is quickly becoming the de facto model for application development. This momentum has spurred a wave of development and management platforms like Chef, Puppet, HashiCorp, Docker, and GitHub, all of which are designed to help DevOps teams automate, standardize, and accelerate the process of application delivery.

But your DevOps teams are not security experts

But this focus on speed and agility often comes at the expense of security, which typically falls outside the scope of most development teams. Adding slow, manual security steps to a highly automated DevOps environment is sure to be met with criticism, or even ignored, by developers focused on speed and agility. In fact, a study showed that 30% of Docker containers are susceptible to high-priority vulnerabilities, which underscores the problem.

So unless you want the distinction of being the IT executive responsible for consistently delivering fast but vulnerable code, you’re going to have to find a way to automate the process of securing your applications, IT services, and the communication across your DevOps environments. And that’s exactly what I’ll focus on here.

You’ve got to make it easy for DevOps to apply security

Given that standardization and automation are fundamental tenets of the DevOps philosophy, your best chance at getting developers to reliably secure their code is to automate the provisioning of keys and certificates as part of their existing environment. In other words, you should enable their existing tools and processes with this capability, rather than creating a new orthogonal environment that disrupts their existing model.

APIs can be tremendously helpful in this regard since they let you integrate the procurement and provisioning of keys and certificates into your existing development platforms and workflows. The Venafi API, for instance, allows organizations to standardize and automate routine key and certificate provisioning tasks with the flexibility to integrate into any DevOps platform, such as Chef, Ansible, Puppet, Docker, and more.

Through the API, users can build a fully automated certificate service directly into their DevOps platforms, which enables them to meet their objectives of reducing time to market while maintaining application quality and reliability. One global bank, for instance, was able to reduce the cost and time of manually processing certificate requests, renewals, and revocations by 60% with the Venafi DevOps solution.

Use ready-made recipes in your DevOps processes

In addition to taking advantage of our API, customers are making use of our sample cookbooks and recipes for Chef, Docker, and other platforms to request, revoke, and replace keys and certificates as part of their existing DevOps environment. Sharing and reusing proven recipes is a great way to get started quickly, and Venafi shares these readily in our Venafi Customer Support Knowledge Base.

By incorporating certificate provisioning directly into existing DevOps environments, organizations can make security a fundamental component of their application development. And when certificate issuance becomes a standardized, auditable process that aligns with security policies, developers don’t have to worry about becoming security experts. They can continue focusing on delivering software efficiently, effectively and (now) securely.

Read more about how to integrate security directly into your DevOps environments in our DevOps whitepaper, which includes example use case integrations with Chef and Docker.

 

 

About the author

Allen Marin

Allen Marin writes for Venafi's blog and is an expert in machine identity protection.
