Helping devops adopt PKI

Venafi Key Integrations

Devs already have plenty of work to do, and on top of that they are expected to have expert knowledge of cryptography and public key infrastructure (PKI). That is not right.

Indeed, every machine must have a valid TLS certificate. Certificates are needed for servers, containers, virtual machines, and services. But the number of keys and certificates grows like a snowball, and managing them quickly becomes chaotic, expensive and risky if you do everything yourself. Without good policy enforcement and monitoring practices, businesses can suffer from weak certificates or unexpected expirations.

GlobalSign and Venafi have organized two webcasts to help devops. The first is an introduction, and the second gives specific technical advice on connecting the GlobalSign PKI system through the Venafi cloud, using open source tools via HashiCorp Vault from a Jenkins CI/CD pipeline.

The main problems with existing certificate management processes come from the large number of procedures involved:

  • Generating self-signed certificates in OpenSSL.
  • Working with multiple HashiCorp Vault instances to manage a private CA or self-signed certificates.
  • Registering requests for trusted certificates.
  • Using certificates from public cloud providers.
  • Automating Let's Encrypt certificate renewal.
  • Writing your own scripts.
  • Configuring DevOps tools such as Red Hat Ansible, Kubernetes and Pivotal Cloud Foundry yourself.

All of these procedures increase the risk of error and take up time. Venafi tries to solve these problems and make life easier for devops.


The GlobalSign and Venafi demo consists of two parts. First, how to set up Venafi Cloud and GlobalSign PKI. Then, how to use it to request certificates according to established policies, using familiar tools.

Key topics:

  • Automating certificate issuance within existing DevOps CI/CD methodologies (for example, Jenkins).
  • Instant access to PKI and certificate services across the entire application stack (certificates issued within two seconds).
  • Standardizing public key infrastructure with ready-made solutions for integration with container orchestration, secrets management and automation platforms (for example, Kubernetes, OpenShift, Terraform, HashiCorp Vault, Ansible, SaltStack and others). The general scheme for issuing certificates is shown in the figure below.

    Scheme for issuing certificates through HashiCorp Vault, Venafi Cloud and GlobalSign. In the diagram, CSR stands for Certificate Signing Request.

  • High performance and a reliable PKI infrastructure for dynamic, highly scalable environments.
  • Engaging security teams through policies and visibility of issued certificates.

This approach lets you set up a reliable system without being an expert in cryptography and PKI.

Venafi Secrets Engine

Venafi even claims that it is the cheaper solution in the long run, because it does not require the involvement of highly paid PKI specialists or support costs.

The solution integrates fully into the existing CI/CD pipeline and covers all of the company's certificate needs. This way, developers and devops can work faster without having to deal with complex cryptographic problems.

Source: www.habr.com
