Venafi Key Integrations
Li-Devs li se li ntse li e-na le mosebetsi o mongata oo li lokelang ho o etsa, 'me li boetse li hlokoa ho ba le tsebo ea litsebi tsa li-cryptography le lisebelisoa tsa bohlokoa tsa sechaba (PKI). Ha ea nepahala.
Ehlile, mochini o mong le o mong o tlameha ho ba le setifikeiti se nepahetseng sa TLS. Li hlokahala bakeng sa li-server, lijana, mechini ea sebele le meshes ea litšebeletso. Empa palo ea linotlolo le setifikeiti e ntse e hōla joaloka snowball, 'me tsamaiso e potlakela ho fetoha moferefere, e theko e boima ebile e le kotsi haeba u iketsetsa ntho e' ngoe le e 'ngoe. Ntle le ts'ebetso e ntle ea leano le mekhoa ea ho beha leihlo, likhoebo li ka sotleha ka lebaka la litifikeiti tse fokolang kapa ho felloa ke nako ho neng ho sa lebelloa.
GlobalSign le Venafi li hlophisitse li-webcasts tse peli ho thusa li-devops. , le ea bobeli - ka ho hokahanya tsamaiso ea PKI ho tloha GlobalSign ka leru la Venafi ho sebelisa lisebelisoa tsa mohloli o bulehileng ka HashiCorp Vault ho tloha pipeline ea Jenkins CI / CD.
Mathata a mantlha a lits'ebetso tsa taolo ea setifikeiti tse teng a bakoa ke palo e kholo ea lits'ebetso:
- Ho hlahisa litifikeiti tsa ho ingolisa ho OpenSSL.
- Sebetsa ka maemo a mangata a HashiCorp Vault ho laola CA ea poraefete kapa litifikeiti tse ingoletseng.
- Ngoliso ea likopo tsa litifikeiti tse tšepahalang.
- Ho sebelisa mangolo a tsoang ho bafani ba maru a sechaba.
- Automating Let's Encrypt dintlafatso tsa setifikeiti
- Ho ngola mangolo a hau
- Ho iketsetsa lisebelisoa tsa DevOps tse kang Red Hat Ansible, Kubernetes, Pivotal Cloud Foundry.
Mekhoa eohle e eketsa kotsi ea phoso mme e ja nako. Venafi e leka ho rarolla mathata ana le ho nolofatsa bophelo bakeng sa li-devops.
Pontšo ea GlobalSign le Venafi e na le likarolo tse peli. Taba ea pele, mokhoa oa ho theha Venafi Cloud le GlobalSign PKI. Ebe u ka e sebelisa joang ho kopa setifikeiti ho latela maano a thehiloeng, ho sebelisa lisebelisoa tse tloaelehileng.
Lihlooho tsa bohlokoa:
- Boiketsetso ba ho fana ka setifikeiti ka har'a mekhoa e teng ea DevOps CI/CD (mohlala, Jenkins).
- Ho fihlella hanghang ho PKI le lits'ebeletso tsa setifikeiti ho pholletsa le stack eohle ea kopo (ho fana ka litifikeiti nakong ea metsotsoana e 'meli)
- Tlhophiso ea lisebelisoa tsa mantlha tsa sechaba tse nang le litharollo tse lokiselitsoeng ho kopanngoa le 'mino oa lijana, taolo ea liphiri le li-platform tsa automation (mohlala, Kubernetes, OpenShift, Terraform, HashiCorp Vault, Ansible, SaltStack le tse ling). Sekema se akaretsang sa ho fana ka disetifikeiti se bontshitswe papisong e ka tlase.
Morero oa ho fana ka litifikeiti ka HashiCorp Vault, Venafi Cloud le GlobalSign. Setšoantšong, CSR e emetse Kopo ea ho Saena Setifikeiti. - Ts'ebetso e phahameng le lisebelisoa tse tšepahalang tsa PKI bakeng sa tikoloho e matla, e kotsi haholo
- Ho sebelisa lihlopha tsa tšireletso ka maano le ponahalo ea litifikeiti tse fanoeng
Mokhoa ona o u lumella ho hlophisa mokhoa o tšepahalang ntle le ho ba setsebi sa li-cryptography le PKI.
Venafi Secrets Engine
Venafi e bile e bolela hore ke tharollo e nang le litšenyehelo tse ngata ka nako e telele, kaha ha e hloke ho kenya letsoho ha litsebi tsa PKI tse lefuoang haholo le litšenyehelo tsa tšehetso.
Tharollo e kenyelelitsoe ka botlalo pompong e teng ea CI/CD mme e akaretsa litlhoko tsohle tsa setifikeiti sa k'hamphani. Ka tsela ena, bahlahisi le li-devops ba ka sebetsa ka potlako ntle le ho sebetsana le litaba tse thata tsa cryptographic.
Source: www.habr.com