The Lockdown

Thycotic’s Cyber Security Blog

Certificate-Based Authentication and TTL for All Cloud Platforms


Written by Sara Shuman

August 24th, 2021

DevOps is a world of machines. To access systems and data, secrets are exchanged between all types of machines, including databases and applications for software and infrastructure deployment, testing, orchestration, configuration, and Robotic Process Automation (RPA).   

The speed and scale of DevOps require secrets to be created instantly, tracked incessantly, and eliminated when no longer needed. The latest enhancements to DevOps Secrets Vault make secrets management even faster and easier.

Certificate-based authentication for machines

With this latest release, you can use certificate-based authentication for enhanced security and easier secrets management. Digital certificates will identify a machine in the DevOps workflow before granting access to a resource, network, or application.

Unlike authentication solutions designed for people, such as biometrics and one-time passwords (OTP), certificates are purpose-built for machines like those used in the CI/CD pipeline. Certificates are stored locally and securely, which alleviates the headache of managing passwords and distributing, replacing, and revoking tokens.

Time-to-Live (TTL) eliminates standing secrets

“The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high,” Gartner warned in their report Remove Standing Privileges Through a Just-in-Time PAM Approach. Their recommendation was to implement a “standing privileges strategy through a just-in-time model.”

DevOps Secrets Vault has long supported time-bound, automatically expiring secrets for AWS and Azure. Our latest release extends this capability to the Google Cloud Platform. Now, no matter which cloud platform you prefer, you can set a predetermined time for secrets to expire automatically. Even if these ephemeral secrets are leaked, any would-be attacker is limited in what they can do and has a limited window in which to do it.

Try the latest enhancements to DevOps Secrets Vault

We’re excited for you to try the latest version of DevOps Secrets Vault, free for 30 days.

