Helping DevOps adopt PKI

Venafi Key Integrations

Devs already have plenty of work to do, and on top of that they are expected to have expert knowledge of cryptography and public key infrastructure (PKI). That is not right.

Indeed, every machine needs a TLS certificate. Certificates are needed for servers, containers, virtual machines, and in service meshes. But the number of keys and certificates grows like a snowball, and managing them quickly becomes chaotic, expensive and risky if you do everything yourself. Without sound policy enforcement and monitoring practices, businesses can suffer from weak certificates or unexpected expirations.

GlobalSign and Venafi organized two webcasts to help DevOps. The first is an introduction, and the second gives more specific technical advice on connecting the GlobalSign PKI system through the Venafi cloud, using open source tools, through HashiCorp Vault, from a Jenkins CI/CD pipeline.

The main problems with existing certificate management processes come from the sheer number of procedures involved:

  • Generating self-signed certificates in OpenSSL.
  • Working with multiple HashiCorp Vault instances to manage a private CA or self-signed certificates.
  • Registering requests for trusted certificates.
  • Using certificates from public cloud providers.
  • Automating Let's Encrypt certificate renewal.
  • Writing your own scripts.
  • Configuring DevOps tools such as Red Hat Ansible, Kubernetes and Pivotal Cloud Foundry on your own.

Every procedure increases the risk of error and takes time. Venafi is trying to solve these problems and make life easier for DevOps.

The GlobalSign and Venafi demo has two parts. First, how to set up Venafi Cloud and GlobalSign PKI. Then, how to use them to request certificates in accordance with the established policies, using familiar tools.

Main topics:

  • Automating certificate issuance within existing DevOps CI/CD practices (for example, Jenkins).
  • Instant access to PKI and certificate services across the entire application stack (certificates issued within two seconds).
  • Standardizing public key infrastructure with ready-made solutions for integration with container orchestration, secrets management and automation platforms (for example, Kubernetes, OpenShift, Terraform, HashiCorp Vault, Ansible, SaltStack and others). The general scheme of certificate issuance is shown in the figure below.

    Scheme for issuing certificates through HashiCorp Vault, Venafi Cloud and GlobalSign. In the figure, CSR stands for Certificate Signing Request.

  • High-throughput, reliable PKI infrastructure for dynamic, highly scalable environments.
  • Engaging security teams through policies and visibility of issued certificates.

This approach lets you build a reliable system without being an expert in cryptography and PKI.

Venafi Secrets Engine

Venafi even claims that this solution is more cost-effective in the long run, since it does not require bringing in highly paid PKI specialists or paying for support.

The solution integrates tightly into an existing CI/CD pipeline and covers all of a company's certificate needs. This way, developers and DevOps can work faster without having to deal with complex cryptographic issues.

Source: www.habr.com