We all know that keeping track of information like passwords, certificates, and private keys is extremely important. It is not always easy though. It is hard to be secure when humans are using secrets, but it is 10x more difficult when we want to embed the secrets into any type of script, code, automation, etc. How do we make sure the secret is not sitting in the code or leaked into a log somewhere in the tool chain? This is the secrets management problem that Tuono has solved.
If you want to jump straight to the demo, you can check it out here:
I apologize for the closet in the background. Sometimes the content is more important than the home office decorations. 🙂
This demo shows how simple it is to keep your secrets safe with the Tuono Secrets Manager. If you want to use the GUI, the entire experience is point and click. You can also access the secrets through our API if you prefer. Either way, our patent-pending Secrets Manager keeps your secrets secure both at rest and in motion. They are securely locked in a vault dedicated to your organization with access controlled by RBAC when they are at rest. When they are in motion, the secret is not passed at all. We only pass a reference to the secret.
What makes Tuono Secrets Manager unique?
When you launch an automation job with Tuono, your secret is not pulled from your vault. Instead, a reference is passed through the entire tool chain. Tuono late binding secrets replace the reference with the actual secret just as the API call is being made to the public cloud venue. This makes it extremely difficult to leak the secret even if there is some type of error or exploit in our platform.
The alternative is to leverage AWS Secrets Manager, Azure Key Vault, CyberArk Vault, or Hashi Vault. These are all extremely reliable tools for securely storing your secrets. The challenge comes in handling the secret once it is removed from the vault. It needs to be passed through the tool chain. It is like your secret has to run the gauntlet of potential leaks and risks. It is now your responsibility to be sure it is never captured in a log, accidentally written somewhere, or dumped into the Terraform state file. Tuono eliminates this scenario by fully integrating the cloud automation stack and keeping the secret locked in the vault for as long as possible.
Talking secrets with Scott & James
I had a great discussion about secrets management with Scott Lowe and James Green at Actual Tech Media last week. We talked about why secrets management is important, how challenging it can be to setup and manage the open source options, and the risk of passing secrets through your tool chain. Click here for the link to the recording.
As always, you can try the Tuono Community Edition for free. Community Edition includes complete access to the Secrets Manager discussed in this article.