PAM IS CRITICAL TO DEVOPS SECURITY

The rapid, iterative DevOps workflow demands a new approach to secrets management

Challenge

DevOps practices expose security vulnerabilities directly tied to privilege management, but traditional PAM solutions aren’t built to support DevOps speed and scale.

Danger

Hundreds or thousands of containers, servers, and applications used in DevOps can have privileged access, dramatically increasing your attack surface.

Solution

Modern PAM solutions protect privileged accounts used throughout the DevOps workflow by replacing insecure practices with API calls to a secure vault.

DevOps teams move too fast for traditional privilege management

IT organizations are increasingly adopting DevOps practices to reduce friction in the development workflow and release functionality more quickly.

DevOps processes introduce systems for code storage, compilation, testing, deployment and more, which require privileged access to data sources, application services and other tools. DevOps configuration management and orchestration systems use privileges to continually spin up servers, install software and make changes. Cloud services enable DevOps teams to scale up to tens of thousands of containers, servers, and applications and rapidly deploy them across multiple dev, test, and production environments.

New environments are created and disposed of constantly. And these systems connect hundreds – even thousands – of times each day.

Risky DevOps practices open the door for privileged account attacks

To access systems, developers may embed hardcoded keys or credentials within an application. During testing, they may store credentials in a repository, such as GitHub, forget about them, and then commit them to production, where an external threat agent may find them.

Some DevOps teams share private keys and credentials for immediate access, which increases the risk of insider threats, either malicious or accidental.

If they do use vaults for secrets management, DevOps teams may spend time building their own, instead of focusing on product development. Organizations may end up with multiple vault instances that aren’t connected, centrally managed or auditable.

“By 2021, over 50% of organizations using DevOps will adopt PAM-based ‘secrets management’ products, rising rapidly from less than 10% in 2018.” – Gartner Research

DevSecOps is becoming the new normal

Security teams, concerned with governance and compliance, are rapidly adapting their approaches to application security and infrastructure management to match the requirements of DevOps.

A new approach to secrets management allows DevOps teams the flexibility and independence they need to access critical systems, while maintaining PAM security best practices.

PAM solutions built for DevOps replace risky practices. Instead of relying on hardcoded or externally stored credentials, systems connect via API calls to credential vaulting technology. These API calls set, retrieve and process credential and password requests. This approach removes reliance on less secure credential and secret storage, and facilitates automation at higher scale.

TRY THYCOTIC DEVOPS SECRETS VAULT FOR FREE

The free version of DevOps Secrets Vault manages up to 250 secrets and never expires.

Cloud technologies are core to DevOps practices. See how PAM secures critical controls for the cloud.

Critical Controls for Modern Cloud Security

THYCOTIC’S DEVOPS SOLUTIONS MATCH YOUR SPEED AND SCALE

DevOps Secrets Vault

Secrets management for ephemeral systems and high-speed processes.

  • Websites with many simultaneous transactions, microservices, virtual machines and/or containers.
  • DevOps and cloud teams with environments for dev, test, staging, and production, and CI/CD toolsets.

Secret Server DevOps SDK

Secrets management for predictable, permanent systems running scheduled reports.

  • Application-to-application connections.
  • Security scanners, finance reports, inventory systems.