Skip to main content
banner image
venafi logo

Integrate Automated Certificate Provisioning with Your DevOps Platform

Integrate Automated Certificate Provisioning with Your DevOps Platform

Secure DevOps
September 13, 2016 | Allen Marin

The need for security in DevOps environments is essential as we laid out in a recent Venafi post describing the benefits of ensuring security for DevOps, specifically with keys and certificates. I won’t repeat that here, but I’d like to follow up on that blog with some guidance on how you might go about implementing security in a way that ensures its success. Then, I’d like to share some examples on how our customers are automating the provisioning of encryption keys and certificates as part of their DevOps environments.
 

How much do you know about Machine Identity Protection? Find out. 
 

DevOps speeds application delivery

With its laudable objective of reducing time to market while maintaining application quality and reliability, DevOps is quickly becoming the de facto model for application development. This momentum has spurred a wave of development and management platforms like Chef, Puppet, HashiCorp, Docker, and Github. All of which are designed to help DevOps teams automate, standardize, and accelerate the process of application delivery.

But your DevOps teams are not security experts

But this focus on speed and agility often comes at the expense of security, which typically falls outside the scope of most development teams. And adding slow and manual steps to secure applications into a highly-automated DevOps environment is sure to be met with criticism or even ignored by developers focusing on speed and agility. In fact, a study showed that 30% of Docker containers are susceptible to high-priority vulnerabilities, which underscores the problem.

So unless you want the distinction of being the IT executive responsible for consistently delivering fast but vulnerable code, you’re going to have to find a way to automate the process of securing your applications, IT services, and the communication across your DevOps environments. And that’s exactly what I’ll focus on here.

You’ve got to make it easy for DevOps to apply security

Given that standardization and automation are fundamental tenets of the DevOps philosophy, your best chance at getting developers to reliably secure their code is to automate the provisioning of keys and certificates as part of their existing environment. In other words, you should enable their existing tools and processes with this capability, rather than creating a new orthogonal environment that disrupts their existing model.

APIs can be tremendously helpful in this regard since they provide the ability to integrate the procurement and provisioning of keys and certificates into your existing development platforms and workflows. The Venafi API, for instance, allows organizations to standardize and automate routine key and certificate provisioning tasks with the flexibility to integrate into any DevOps platform, such as Chef, Ansible, Puppet, Docker, and more.

Through the API, users can include a fully-automated certificate service directly into their DevOps platforms, which enables them to meet their objectives of reducing time to market while maintaining application quality and reliability. One global bank, for instance, was able to reduce the cost and time of manually processing certificate requests, renewals, and revocations by 60% with the Venafi DevOps solution.

Use ready-made recipes in your DevOps processes

In addition to taking advantage of our API, customers are making use of our sample cookbooks and recipes for Chef, Docker, and other platforms to request, revoke, and replace keys and certificates as part of their existing DevOps environment. Sharing and reusing proven recipes is a great way to get started quickly, and Venafi shares these readily in our Venafi Customer Support Knowledge Base.  

By incorporating certificate provisioning directly into existing DevOps environments, organizations can make security a fundamental component of their application development. And when certificate issuance becomes a standardized, auditable process that aligns with security policies, developers don’t have to worry about becoming security experts. They can continue focusing on delivering software efficiently, effectively and (now) securely.  Read more about how to integrate security directly into your DevOps environments in our DevOps whitepaper, which includes example use case integrations with Chef and Docker.
 


Learn more about machine identity protection. Explore now.  

 

Like this blog? We think you will love this.
woman holding hand up to her hear to listen
Featured Blog

DevOps and the Proliferation of Secrets

You might now be thinking that it u

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Allen Marin
Allen Marin

Allen Marin writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat