How Just-in-Time Privileges Accelerate App Development and Avoid Secrets Sprawl
February 2022 / 5 min. read
Just-In-Time privileges can be granted and revoked on the fly, which is ideal when DevSecOps need to spin up temporary services.
Cloud Secrets Manager
The Cloud Secrets Manager enhances Britive’s dynamic permissioning offering by providing the capability to manage secrets (e.g., API keys, tokens, SSH certificates, and passwords) accessible by users, APIs, and machine identities. The new capability delivers faster time-to-value and ease of use compared to other secrets vaulting solutions on the market.
Britive is committed to helping organizations capitalize on the opportunities presented by cloud. The Cloud Secrets Manager does this by granting users privileged access quickly, while simultaneously containing secrets sprawl and enforcing security policies that dramatically reduce an organization’s attack surface. As a result, organizations can accelerate cloud app development and adoption of cloud and SaaS technologies.
Cyber-security experts are alarmed about the growing problem of secrets sprawl, which occurs when an organization stores secrets in a variety of locations, including source code, text files and spreadsheets, for an ever-growing number of users. Hard-coded secrets in Infrastructure as Code (IaC) are easy targets for exploits.
The Britive Cloud Secrets Manager vault secures static secrets and issues dynamic privileges via JIT secrets. Bridging the gap between static and ephemeral secrets allows organizations to implement governance policies for static and time-based credential management in a single platform. Granting and revoking JIT secrets significantly reduces credential exposure, and helps organizations maintain zero standing privileges (ZSP).
Organizations using Britive Cloud Secrets Manager can capitalize on immediate business benefits:
- Enable faster adoption of cloud and SaaS
- Accelerate cloud app development
- Remove burdensome security tools that can slow cloud app development
- Reduce infrastructure cost
- Facilitate internal compliance audits
- Quicken time to value and ease deployment
- Simplify integration
- Offer greater ease of use
Elevate DevSecOps capabilities – all from a single platform:
- Reduce your “always-on” risk of credential exposure for machine identities
- Eliminate embedded API keys and static secrets and replace them with ephemeral secrets
- Grant ephemeral API keys to spin up temporary services for testing
- Gain cross vault visibility into static secrets
The capabilities below comprise the first phase of the Britive Cloud Secrets Manager, with additional functionalities slated for release in 2022:
- Protect static secrets
- Initiate policy-based governance for access to secrets
- Streamline approval workflows
- Develop Policy-as-code frameworks
- Enhance offline secrets rotation through notifications
- Access the vault from the command line via the Britive CLI
- Deploy comprehensive APIs to access and manage secrets
- Complete auditability for secrets access
- Expand integration with SSO providers
Download the Whitepaper: "The Four Essentials for Effective Secrets Governance"
Automatically Grant & Expire Secrets: Users and machine IDs can quickly check out a role-based elevated privilege profile for a specific cloud service, either for the duration of a session or task, for a set amount of time, or until the user checks the profile back in manually. Once the task is complete, privileges are automatically revoked.
Rotate Passwords When Users Leave The Organization: Sharing accounts is not a best practice from a security standpoint, but it is becoming increasingly common with the growing use of cloud resources within DevOps organizations. If an individual leaves the organization, that permission/privilege then becomes a potential vulnerability. Britive addresses this issue by automating shared secret rotation that’s invoked via policy.
Investigate Who Has Access To Which Secrets: Security incidents are an inevitable reality in any organization. When an incident occurs—data breach, lost device, ransomware attack—it’s imperative to be able to tie secrets back to identities for proactive monitoring and post-incident investigation. Britive uncovers identities or individuals that have been exploited, access changes, policy drift, and risky activities.
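The two capabilities above describe one lifecycle: a privilege profile is checked out as a lease that ends on a TTL or on manual check-in, is revoked automatically, and leaves an audit trail that can answer who held which secret at the time of an incident. The toy vault below is an added illustration of that lifecycle, not Britive's code or API; profile and identity names such as "aws-prod-deployer" are constructed, and the injectable clock exists only so expiry can be exercised deterministically.

```python
from __future__ import annotations
import secrets
import time
from dataclasses import dataclass

@dataclass
class Lease:
    lease_id: str
    identity: str          # user or machine identity that checked the profile out
    profile: str           # role-based privilege profile, e.g. "aws-prod-deployer" (constructed)
    secret: str            # ephemeral credential minted for this lease only
    created_at: float
    expires_at: float | None   # None: held until the identity checks it back in
    revoked_at: float | None = None

class JitVault:
    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so expiry can be tested deterministically
        self.leases = {}        # lease_id -> Lease
        self.audit = []         # (timestamp, event, identity, profile)
    def checkout(self, identity, profile, ttl_seconds=None):
        now = self.clock()
        lease = Lease(secrets.token_hex(8), identity, profile, secrets.token_urlsafe(32),
                      now, None if ttl_seconds is None else now + ttl_seconds)
        self.leases[lease.lease_id] = lease
        self.audit.append((now, "checkout", identity, profile))
        return lease
    def check_in(self, lease_id):
        self._revoke(lease_id, "checkin")
    def sweep_expired(self):
        # Run on a schedule: revoke every lease whose TTL has elapsed; returns how many.
        now = self.clock()
        due = [l.lease_id for l in self.leases.values()
               if l.revoked_at is None and l.expires_at is not None and l.expires_at <= now]
        for lease_id in due:
            self._revoke(lease_id, "expired")
        return len(due)
    def _revoke(self, lease_id, reason):
        lease = self.leases[lease_id]
        if lease.revoked_at is None:
            lease.revoked_at = self.clock()
            lease.secret = ""   # a real vault would also delete the key at the cloud provider
            self.audit.append((lease.revoked_at, reason, lease.identity, lease.profile))
    def is_valid(self, secret):
        live = (l for l in self.leases.values() if l.revoked_at is None)
        return bool(secret) and any(secrets.compare_digest(l.secret, secret) for l in live)
    def who_had_access(self, profile, at):
        # Incident question: which identities held a live lease on `profile` at time `at`?
        return sorted({l.identity for l in self.leases.values() if l.profile == profile
                       and l.created_at <= at and (l.revoked_at is None or l.revoked_at > at)})
```

Calling `sweep_expired` from a scheduler is what turns a TTL into zero standing privileges: a credential that is never swept is a standing credential again.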
Key Questions To Ask if Developers use an Open-Source product
- Does the product bridge the gap between static and ephemeral secrets?
- Does the product have mature cloud capabilities?
- Does the product have critical identity and access management (IAM) functionalities?
- Does your vault need to provide cross vault visibility into static secrets?
Key Questions To Ask if SecOps use a legacy product in the cloud
- Does the product bridge the gap between static and ephemeral secrets?
- Does the product need to provide cross vault visibility into static secrets?
- Does the product need to integrate with IGA – e.g. SailPoint?
- Does the product need to integrate with RBAC / ABAC?
- Does the product need to integrate with CI/CD – e.g. Terraform?
- Is the product costly or difficult to use, and/or does it have a long time-to-value?
Containing secrets sprawl is critical for organizations looking to accelerate the development of revenue-generating apps in the cloud. If you're using a legacy or open-source secrets product that does not meet your business and security priorities, contact us today.