Skip to main content
banner image
venafi logo

OpenCredo Venafi-Vault Wizard: Bringing InfoSec and Developers One Step Closer

OpenCredo Venafi-Vault Wizard: Bringing InfoSec and Developers One Step Closer

opencredo-venafi-vault-wizard
July 14, 2022 | Robyn Weisman

When Venafi announced the creation of the Machine Identity Management Fund in December 2018, OpenCredo, a U.K.-based software consultancy specializing in machine learning, cloud and DevOps applications, was named as one of the three inaugural developers. They started by building the industry’s first open source Kafka connector to the Venafi Platform. Since then, they’ve created two more Venafi solutions: Secure Software Pipeline Verifier and Venafi-Vault Wizard.

In this post, we chat with Trent Rosenbaum, lead consultant at OpenCredo, about Venafi-Vault Wizard, a free standalone utility that simplifies the setup and configuration between the Venafi Trust Protection Platform or Venafi as a Service and HashiCorp Vault. Says Paul Cleary, senior ecosystem architect at Venafi: “HashiCorp Vault is one of our most used integrations but it doesn’t come without its complexities. Venafi-Vault Wizard provides users with an easy-to-use wizard that makes the initial setup almost dummy-proof, which is especially important as organizations begin to embrace the #fastsecure mindset.”

Hundreds of partners. Thousands of proven integrations. Endless possibilities. Find yours now.
">
Increasing visibility without slowing down developers

Robyn: Trent, what led to Venafi-Vault Wizard’s development? What problem did it seek to solve?

Trent: Getting machine identities isn’t normally within the scope of most developers, and it isn’t natural for developers to have to procure their machine identities directly from Venafi. So, oftentimes it’s easier for them to just spin up a standalone instance of Vault and use that machine identity in the application they’re building.

The problem with that, of course, is this happens out of band, and InfoSec has no visibility, let alone the ability to put policy on that. So, InfoSec relies on the Venafi-Vault integration, which makes it easy for developers to access machine identities while at the same time providing InfoSec visibility into how they’re being used. So, our goal with Venafi-Vault Wizard was to take a valuable integration and not only make it easier to set up but also optimize the way the two systems work together by streamlining the integration process.

Q: So, how does Venafi-Vault Wizard make this important integration easier to set up?

Trent: The Wizard makes it really easy to produce a configuration file that can be reused with multiple instances of Vault. The end user is asked a set of questions, and from that, Venafi-Vault Wizard sets roles and permissions accurately and properly. In addition to guiding them through the configuration process with these questions, we also give examples of configurations based on best practices.

Then this configuration file can be repeated throughout the environment without having to go through the Wizard again and again. You can just say, “Here’s my config. I want exactly what I did last time on this new machine.” And it’s easy to make minor customizations to those config files depending on the types of environments you want to use the integration in, say, Kubernetes or whatever.

This guided instruction framed by the questions the Wizard asks provides guardrails so that you aren’t wasting time exploring other areas that aren’t relevant. You get exactly what you need for your use case, and it’s easy.

Q: What other benefits does Venafi-Vault Wizard provide users?

Trent: In addition to providing our users a way to make their deployments consistent and relevant to their environments, Venafi-Vault Wizard also provides them with an audit trail they can use. And that’s especially useful when you’re using us to integrate the Venafi Platform and Vault in different types of instances. And it helps people offload aspects of management, such as versions of Vault with cloud-managed instances, by letting us handle the heavy lifting of what needs to be done.

Q: What excites you most about the work you’ve done on Venafi-Vault Wizard?

Trent: We want to champion equal partnerships between development and InfoSec teams and that requires communication. And it also means learning how to communicate about the things that are meaningful to each group. We hope that Venafi-Vault Wizard can be used to help guide conversations in the sense that it’s at once simple to use and yet extremely informative and powerful. It helps both groups get done what they need to get done while bringing about greater understanding.

And really, that’s what the Venafi ecosystem represents to developers—ways to further the conversation and improve collaboration going forward.

In our follow-up OpenCredo interview, I chat with Hieu Doan, DevOps consultant at OpenCredo about Secure Software Pipeline Verifier.

Related posts

Like this blog? We think you will love this.
kubernetes-wheel-2
Featured Blog

Cloud Native Machine Identity Management for Zero Trust [Pomerium & cert-manager]

Richard: Tell us about Pomerium and the role machine ide

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Robyn Weisman
Robyn Weisman

Robyn is a Senior Content Writer at Venafi. She helps enterprise IT vendors pinpoint their marketing challenges and develop content marketing strategies. She worked for several well-known technology trade publications for over 15 years, and has a Master's Degree in Screenwriting from USC.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more