DEV Community

Opsera_Staff

Securing your secrets in Opsera’s DevOps orchestration platform

Opsera entered into a technology partnership with HashiCorp, the leader in multi-cloud infrastructure automation software. With this technology partnership, Opsera offers customers the choice to use a dedicated Opsera-deployed instance of HashiCorp Vault provisioned in their customer-dedicated data-plane, or to “bring their own Vault” by connecting Opsera’s platform with customers’ existing Vault instances.

Opsera launched in 2020 to address a gap in the DevOps market: too many tools and no simple, effective, and scalable way to connect them. Development teams were spending excessive time and effort building and maintaining tool integrations and scripts, or were frustrated by the platform limitations of their all-in-one vendor.

Opsera’s vision is to empower Software, DevOps, and IT Engineers to deliver software faster, safer and smarter. Opsera’s continuous orchestration platform provides self-service toolchain automation, drag-and-drop declarative pipelines, and unified insights. With Opsera, development teams can choose any CI/CD tools they want, operations teams gain improved efficiency, and business leaders have unparalleled visibility into their software delivery.

The key elements of the Opsera Continuous Orchestration platform include:

  • Toolchain Automation: You pick the tools you want from a self-service catalog of best-of-breed tools, or bring your own, and automate any toolchain via Opsera's one-click deployment. Eliminate manual scripts and save time with pre-built connectors, native APIs, easy life cycle management and automated governance.
  • Declarative Pipelines: Build no-code pipelines easily using drag-and-drop workflows, with quality and security gates built in. You get out-of-the-box integrations and pipeline visibility across all the CI/CD stages for various use cases, including software engineering, SaaS release automation (Salesforce, Adobe Experience Manager, Apigee) and infrastructure-as-code pipelines.
  • Unified Insights and Contextualized Logs: Opsera provides comprehensive unified analytics across your entire CI/CD ecosystem, aggregated and contextualized logs for faster resolution, improved auditing and compliance, and intelligent personalized dashboards with more than 100 KPIs across six dimensions (planning, development, security, quality, operations and source code), so you can make smarter decisions.

Customers of SaaS platforms are right to be concerned about security, particularly when they entrust the platform with the keys to their mission-critical software and infrastructure, such as all the tools, rules, code repositories, and connectivity to production environments that running CI/CD pipelines requires. A security flaw or breach can cause irreparable harm to these customers, and easily be the death of a SaaS company.

Fortunately Opsera’s founders and lead engineers have spent decades building and securing Fortune 500 companies and leading technology startups, and applied the lessons they learned to the design of Opsera.

Layered security

Opsera was designed with layered security from the start. We architected our service by separating our multi-tenant “control plane” SaaS infrastructure from all customer data by deploying a dedicated “data-plane” for each customer. Opsera keeps customers’ tools, integrations, data, logs and configurations in the customer-dedicated data-plane.

In addition, Opsera offers customers the choice to use a dedicated instance of HashiCorp Vault provisioned in their data-plane, or to “bring their own HashiCorp Vault” by connecting Opsera with their existing Vault instances, which already have their predefined keys, certificates and other sensitive information. This approach provides several layers of separation and defense to further enhance zero trust initiatives that rely on trusted identities for authentication and authorization to all layers of networking, infrastructure, and application security.

Running Vault in Opsera VPCs

Opsera offers a dedicated Vault in each customer VPC to manage and maintain customer keys, secrets and certificates. With this approach, customers do not have to worry about the maintenance and management of Vault infrastructure and security. Opsera-provisioned Vault offers the following benefits to the customers:

  • Each customer has a dedicated Vault instance
  • Opsera takes care of building and managing the Vault instance
  • As part of the Opsera SaaS platform, scaling the Vault instance and encryption of the data is taken care of automatically
  • Secure programmatic access to secrets, keys, passwords and certificates across various stages of CI/CD declarative pipelines
  • Management of the overall life cycle of the Vault infrastructure

Integrating Opsera with customer-provided Vault (Bring your own Vault)

As part of offering “Choice and flexibility” to enterprise customers, Opsera partners with HashiCorp to empower enterprise customers to integrate their existing Vault instances with Opsera’s platform. This approach allows customers to securely leverage their existing keys, secrets, tokens and certificates in their CI/CD declarative pipelines, to:

  • Integrate their existing Vault instances seamlessly into Opsera’s platform.
  • Centrally manage their keys, secrets, tokens and certificates.
  • Use existing policies and standards such as key rotation and apply them seamlessly to their Opsera CI/CD pipelines.

Connecting to Customer-owned Vault via Opsera platform

Connecting your Vault to Opsera

Step 1: Choose “Tool Registry” and then “New Tool”
Step 2: Provide Tool Name and choose HashiCorp Vault under Data Management in “Tool Identifier”
Step 3: Click Create
Step 4: Provide Vault URI, Vault Key, Vault Token, and Vault Path and click “Save”
Step 5: Choose Customer Own Vault for any tools under Tool Registry
Step 6: Any configurations, scripts, dynamic parameters, secrets, tokens, credentials will be stored in the customer’s HashiCorp Vault.
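
A check a Vault owner can run on the token before entering it in Step 4, as an added example that is not Opsera or HashiCorp code: it reads the responses of Vault's auth/token/lookup-self and sys/capabilities-self endpoints and flags a root policy, a non-expiring token, or access outside the intended path. The mount "secret", the prefix "opsera", the policy name "opsera-pipelines", the 30-day limit and the allowed capability set are assumptions; the page does not state which capabilities Opsera requires.

```python
# Added example: review a Vault token before pasting it into a tool registry.
# Inputs mirror two Vault HTTP API responses:
#   GET  /v1/auth/token/lookup-self   -> token metadata under "data"
#   POST /v1/sys/capabilities-self    -> capability list per probed path
MAX_TTL = 30 * 24 * 3600  # assumed local policy: 30 days at most
ALLOWED = {"create", "read", "update", "delete", "list"}  # assumed; not stated on the page

def review_token(lookup, caps, intended_path):
    """Return findings; an empty list means the token is scoped to intended_path."""
    data = lookup["data"]
    findings = []
    policies = set(data.get("policies") or []) | set(data.get("identity_policies") or [])
    if "root" in policies:
        findings.append("token carries the root policy")
    ttl = data.get("ttl", 0)
    if ttl == 0:
        findings.append("token never expires (ttl=0)")
    elif ttl > MAX_TTL:
        findings.append("token ttl %ds exceeds %ds" % (ttl, MAX_TTL))
    prefix = intended_path.rstrip("/") + "/"
    for path, granted in sorted(caps.items()):
        granted = set(granted) - {"deny"}  # Vault reports ["deny"] for no access
        if path.startswith(prefix):
            if not granted:
                findings.append("no access to %s" % path)
            elif granted - ALLOWED:
                findings.append("unexpected capabilities on %s: %s"
                                % (path, sorted(granted - ALLOWED)))
        elif granted:
            findings.append("token can reach %s outside %s" % (path, intended_path))
    return findings

# Constructed sample responses (hypothetical mount "secret", prefix "opsera").
PATH = "secret/data/opsera"
SCOPED = ({"data": {"policies": ["default", "opsera-pipelines"], "ttl": 86400}},
          {"secret/data/opsera/jenkins": ["create", "read", "update"],
           "secret/data/payments/db": ["deny"],
           "sys/policies/acl/opsera-pipelines": ["deny"]})
BROAD = ({"data": {"policies": ["root"], "ttl": 0}},
         {"secret/data/opsera/jenkins": ["root"],
          "secret/data/payments/db": ["root"]})

if __name__ == "__main__":
    for name, (lookup, caps) in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, review_token(lookup, caps, PATH) or "ok")
```

The paths probed with capabilities-self are chosen by the reviewer: include at least one secret under the intended path and a few canary paths that the token must not reach.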

Opsera: Secure as a Vault

Opsera is the only CI/CD platform that takes your security as seriously as you do, by designing customer-dedicated VPCs into our SaaS, and provisioning your own dedicated HashiCorp Vault instance, or integrating with your Vault instances.

To learn more about Opsera’s continuous orchestration platform visit us at www.Opsera.io.
