Helping DevOps implement PKI

Venafi Key Integrations

Devs already have plenty of work to do, and on top of that they are expected to know cryptography and public key infrastructure (PKI). That is not right.

Indeed, every machine must have a valid TLS certificate. Servers, containers, virtual machines and service meshes all need them. But the number of keys and certificates grows like a snowball, and managing them becomes chaotic, expensive and risky if you do everything yourself. Without proper policy enforcement and monitoring, businesses can suffer because of weak certificates or unexpected expiration.

GlobalSign and Venafi organized two webinars to help devops. The first is introductory, and the second gives more specific technical advice on connecting a PKI system from GlobalSign through the Venafi cloud, using open source tools via HashiCorp Vault from a Jenkins CI/CD pipeline.

The main problems with existing certificate management processes come from the large number of procedures involved:

  • Generating self-signed certificates in OpenSSL.
  • Working with multiple HashiCorp Vault instances to manage a private CA or self-signed certificates.
  • Submitting requests for trusted certificates.
  • Using certificates from public cloud providers.
  • Automating Let's Encrypt certificate renewal.
  • Writing your own scripts.
  • Configuring DevOps tools such as Red Hat Ansible, Kubernetes and Pivotal Cloud Foundry yourself.

All of these procedures increase the risk of errors and take time. Venafi is trying to solve these problems and make life easier for devops.


The GlobalSign and Venafi demo has two parts. First, how to set up Venafi Cloud and GlobalSign PKI. Then, how to use it to request certificates in accordance with the established policies, using familiar tools.

Key topics:

  • Automated certificate issuance within existing DevOps CI/CD processes (for example, Jenkins).
  • Instant access to PKI and certificate services across the entire application stack (certificates issued within two seconds).
  • Standardization of public key infrastructure with ready-made solutions for integration with orchestration tools, secrets management and automation platforms (for example, Kubernetes, OpenShift, Terraform, HashiCorp Vault, Ansible, SaltStack and others). The certificate issuance scheme is shown in the illustration.

    Certificate issuance scheme via HashiCorp Vault, Venafi Cloud and GlobalSign. In the diagram, CSR stands for Certificate Signing Request.

  • High-volume, reliable PKI infrastructure for dynamic, large-scale environments.
  • Involving security teams through policies and visibility into issued certificates.

This approach lets you set up a reliable system without being an expert in cryptography and PKI.

Venafi Secrets Engine

Venafi even claims that this is the most cost-effective approach in the long run, because it does not require the involvement of highly paid PKI specialists or support costs.

The solution is integrated into existing CI/CD pipelines and meets all corporate requirements. This way, developers and devops can work faster without having to deal with cryptographic complexities.

Source: www.habr.com
