Devs already have plenty to do, and on top of that they have been expected to have expert knowledge of cryptography and public key infrastructure (PKI). That is not right.
Indeed, every machine must have a valid TLS certificate. They are needed for servers, containers, virtual machines, and service meshes. But the number of keys and certificates grows like a snowball, and managing them quickly becomes chaotic, expensive and risky if you do everything yourself. Without good policies and monitoring practices in place, businesses can suffer because of weak certificates or unexpected expirations.
GlobalSign and Venafi have organized two webinars to help devops.
The main problems with existing certificate management processes come from the sheer number of procedures involved:
- Generating self-signed certificates in OpenSSL.
- Working with multiple HashiCorp Vault instances to manage a private CA or self-signed certificates.
- Submitting requests for trusted certificates.
- Using certificates from public cloud providers.
- Automating Let's Encrypt renewals.
- Writing your own scripts.
- Configuring DevOps tools such as Red Hat Ansible, Kubernetes, Pivotal Cloud Foundry yourself.
All of these procedures increase the risk of error and waste time. Venafi is trying to solve these problems and make life easier for devops.
The GlobalSign and Venafi demo has two parts. First, how to set up Venafi Cloud and GlobalSign PKI. Then, how to use them to request certificates according to established policies, using familiar tools.
Main topics:
- Issuing certificates within existing DevOps CI/CD workflows (for example, Jenkins).
- Instant access to PKI and certificate services across the entire application stack (certificates are issued within two seconds).
- Standardizing public key infrastructure with ready-made solutions for integration with container orchestration, secrets management and automation platforms (for example, Kubernetes, OpenShift, Terraform, HashiCorp Vault, Ansible, SaltStack and others). The general scheme for issuing certificates is shown in the figure below.

Scheme for issuing certificates through HashiCorp Vault, Venafi Cloud and GlobalSign. In the diagram, CSR stands for certificate signing request.

- A high-performing, reliable PKI infrastructure for dynamic and scalable environments.
- Bringing in security teams through policies and visibility into issued certificates.
This approach lets you set up a reliable system without being an expert in cryptography and PKI.
Venafi says the solution is also better in the long run, since it does not require the involvement of highly paid PKI specialists and support resources.
The solution is fully integrated into the existing CI/CD pipeline and covers all of the company's certificate needs. This way, developers and devops can work faster without having to solve complex cryptographic problems.
Source: www.habr.com