Cloud Native Computing Foundation sponsored this podcast.
HashiCorp Vault grabbed the top honors in the secrets management category in the latest Cloud Native Computing Foundation (CNCF) Tech Radar report, which covers the “secrets management” tools. Cloud service providers’ built-in offerings are also popular in this space: in addition to HashiCorp Vault and Certificate Manager; Amazon Web Services’ (AWS) Secrets Manager and AWS Key Management Service are listed in the Adopt category in the report. Google’s GCP Secrets Management is in the report’s Assess category.
In this edition of The New Stack Analysts podcast, host Alex Williams, founder and publisher of The New Stack and co-host Cheryl Hung, vice president of ecosystem at CNCF, discuss why secrets management is essential for DevOps teams, what the tool landscape is like and why Vault was selected as the top alternative. Two end-users who contributed to the report were also featured in this podcast: Steve Nolen, site reliability engineer for data science software provider RStudio, and Andrea Galbusera, engineering and co-founder, AuthKeys, a SaaS platform provider for managing and auditing servers authorizations and logins.
SoundCloud | Fireside.fm | Pocket Casts | Stitcher | Apple Podcasts | Overcast | Spotify | TuneIn | RSS Feed | Player FM
Secrets management tools are largely seen as essential in the DevOps world, especially whenever code and data are shared among software developers and in distributed working environments. “In the level of the technical world that we’re all kind of operating in, it’s pretty difficult to really do much of anything without secrets,” said Nolen. “Every company that’s building up a software stack and having interaction between those applications requires a pretty distinct need for secrets at all of these levels. And so, with secrets comes a requirement to manage them and hopefully manage them securely.”
Secrets tools are a fragmented market category. During the creation of the Tech Radar report, Galbusera noted the large number of tools available in the space.
“This is something that I expected because when I had to investigate what tools to use for our company, I immediately found that this fragmentation was really widespread,” said Galbusera.
As mentioned above, the survey reflected how a large number of organizations opt to adopt secrets management tools from cloud providers. Nolen noted he had already anticipated that the organizations in the survey relied on native cloud solutions for their secrets management tools before the survey even began. “When I’m looking at this problem on my own or with the organization that I’m working for, one of the first off-the-top kind of things that we look into is [if] our current public cloud provider offers an effective or useful service for the solution that we’re trying to get at here?” said Nolen.
The survey results did indeed support Nolen’s hypothesis, finding that companies tend to adopt secrets management offerings “more rapidly than alternatives,” even when public cloud providers offer a “service that could solve some or all of these secret-management problems,” said Nolen.
HashiCorp Vault, of course, is an exception, serving as a very popular secrets tool not provided directly by a cloud vendor. Among the reasons accounting for why Vault, the “major cloud-agnostic player,” is so popular is how it “offers such a robust feature set when organizations are looking at multicloud,” Nolen explained. “It is really like the go-to comprehensive end-to-end already adopted solution,” said Nolen. “So, the complexity is largely worth it in that case.”
Amazon Web Services, and HashiCorp are sponsors of The New Stack.