Aqua Security is excited to announce that our newly certified integration with CyberArk Conjur Secrets Manger for both Conjur Secrets Manger Enterprise and Conjur Secrets Manager Open Source is now available in the CyberArk Marketplace. This integration makes it even easier for Aqua Security customers to inject secrets that are managed, audited, rotated, and protected by CyberArk into containers at runtime with no downtime, running only in memory without persistence on disk.
The Conjur integration can be quickly configured from the Aqua management console, allowing security teams to rapidly extend secrets management best practices into DevOps environments. DevOps teams can then effortlessly incorporate container secrets management into their deployment practices with no code changes.
Who is CyberArk?
CyberArk is the leader in Identity Security with the majority of Fortune 500 companies leveraging CyberArk to secure their access for any identity — human or machine — to any resource or environment from anywhere using any device.
CyberArk Conjur is a comprehensive secrets management solution tailored specifically to the unique infrastructure requirements of cloud native, container, and DevOps environments. The solution helps developers and security organizations secure, rotate, audit, and manage access to secrets and other credentials used by applications, automation scripts, and other non-human identities with RBAC.
Why Aqua Security and CyberArk Collaborate: Containers, meet Secrets Management
We are excited to strengthen our longstanding partnership with CyberArk with this integration between CyberArk’s secrets management solution and our cloud native application protection platform. With the certification, we make it even easier for Aqua customers to inject secrets stored and managed by Conjur into their cloud native environments secured by Aqua.
Managing and securing the distribution of secrets – whether credentials, APIs, certificates, or SSH keys – is a security best practices cornerstone.
With the certification, our joint customers can automate injection of secrets stored and managed by Conjur at runtime with seamless integration and no code changes. As with our existing integration with CyberArk’s Privileged Access Manager, Aqua reinforces the security of CyberArk’s centralized secrets management with the ability to map secrets retrieval to only those containers that are authorized to use them and keeping them secure by running only in memory without persistence on disk. This ensures that secrets are securely retrieved and injected into memory when the containers need them.
The Aqua Conjur integration is now available on the CyberArk Marketplace.
The Next Phase: Secrets Management, meets DevOps
By automating injection of privileged credentials and secrets used by non-human identities at runtime, security teams can ensure that secrets used by containers and services for access to resources are still centrally managed. Aqua’s integration also helps security teams avoid security anti-patterns, especially so that credentials are not hard-coded or embedded as part of the development process. Finally, the integration with centralized secrets management reduces the attack surface by ensuring that secrets for container resource access are consistently protected.
For developers, Aqua’s integration also pays dividends for broader adoption of centralized secrets management: no container restart is required for the injection, and the integration with CyberArk’s Identity Security products is seamless. Secrets can be rotated, updated, and revoked with no container downtime or restart. Also, no code changes are required for the injection of container secrets runtime.
Conclusion
While secrets are critical for the operation of cloud native production environments, exposing those secrets, and not following best practices for secrets revocation and rotation, puts those environments at risk. Aqua and CyberArk have built a solid partnership based on extending and adapting secrets management for cloud native environments that is seamless for developers and enables security teams to securely distribute secrets only when they are needed, and only to those containers that actually need them. With cloud native applications now approaching mainstream adoption, reinforcing and extending the partnership with formal integration of Conjur Enterprise Edition and Open Source is a logical next step to help our customers more effectively ensure security best practices and integrate secrets management across the cloud native application lifecycle.