All About Agility: PKI in DevOps Matters
Today, DevOps is not just a buzzword, but a necessity for the IT industry. With an ever-growing need for rapid software releases, organizations are showing an increased interest in DevOps practices and the widespread adoption of microservice architecture patterns.
Agility has become the norm across organizations, and they are demanding maximum visibility and almost no human intervention in software deployment.
If you are using “DevOps” practices and adopting microservices patterns, very often you hear about Jenkins, Docker, Kubernetes, Terraform, and Ansible tools. And there is a reason: they are very important for creating code-based infrastructure and deploying microservices-based applications.
However, when organizations use these tools to deploy microservice-based applications, they face the problem of securing communications between distributed components in untrusted networks. SSL server and client certificates provide a reliable mechanism to solve this problem. But how do you provision certificates when an application is deployed using these tools?
Here are a few great options for provisioning private or public SSL certificates:
- Ansible — Ansible is one of the leading tools in configuration management and server provisioning. Ansible-based automation solves the problem of managing the lifecycle of hundreds of certificates in heterogeneous environments. In the absence of an Ansible integration with a public Certificate Authority, organizations maintain the ad hoc client code they developed to interact with Certificate Authorities. This is a very time-consuming and error-prone approach. Sectigo’s Ansible Module hides all of the security complexities and provides a transparent, platform-agnostic user experience to provision and manage TLS and client certificates.
- Terraform — A leading orchestration and server provisioning platform, Terraform allows you to write custom providers to obtain SSL certificates and provision them. Sectigo now enables you to issue, update and revoke certificates with an integrated Terraform provider. Customers can use either a tightly coupled RESTful API-based integration or a loosely coupled ACME-based module.
- Kubernetes — In recent years, Kubernetes has become the industry standard for deploying containers in production. In its 2018 cloud predictions, Forrester Research proclaimed that Kubernetes "has won the war for container orchestration dominance." There are various open source add-ons, such as JetStack cert manager, which can provision SSL certs in Kubernetes environments using ACME or other custom plugins. JetStack cert manager works with any compliant ACME server, including Sectigo.
There are plenty of configuration management and orchestration tools and a number of ways to provision certificates using them. Organizations just need to ensure that whatever tools and certificate management solution they choose provide the flexibility to issue both server and client certificates from public and private certificate authorities using standard and API-based integrations.
Sectigo recently announced integrations with five popular DevOps configuration management and container orchestration platforms. This unique combination of solutions immediately helps IT teams ensure their DevOps environments follow accepted security practices, meet compliance and auditability requirements, and provide crypto agility. Read the press release.
You can also watch the PKI for DevOps Webinar to learn more. In the on-demand event, hosted by DevOps.com, our subject matter experts Jason Soroko and Tim Callan explain how PKI plays a critical role in DevOps environments and how enterprises can best use certificates to keep their platforms safe.