Over my years as a software engineer I’ve seen quite a few approaches to CI/CD credential management, ranging from secure to egregiously bad. A common one I’ve encountered is the “vault and forget” approach: an engineering team uses a password manager like LastPass or 1Password to store the long-lived shared credentials that its various automation services use, and those credentials are rarely rotated or audited after that.

In contrast, Teleport acts as its own certificate authority (CA), allowing automated service accounts to connect to the database with short-lived SSL certificates that carry the database credentials and connection configuration baked right in, so there is no long-lived secret to store or leak.

We’ll use this bot user to assign an identity to our automated service, configure RBAC for what it may touch, and audit all of the bot’s activity.
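As an added illustration of the RBAC side of this (not code from the original post), the following Teleport role restricts a bot to one database user and one database name on databases labelled for CI, and caps the certificate lifetime. The role name, label value, database user and database name are assumptions chosen for the example:

```yaml
# Added example: a least-privilege Teleport role for a CI bot.
# Names below (ci-db-reader, env: ci, readonly, app) are assumptions.
kind: role
version: v5
metadata:
  name: ci-db-reader
spec:
  allow:
    # Only databases carrying this label are visible to the bot.
    db_labels:
      env: ci
    # The bot may only authenticate as this database-level user ...
    db_users: ["readonly"]
    # ... and only to this logical database.
    db_names: ["app"]
  options:
    # Certificates issued under this role expire after an hour,
    # so a leaked identity file has a short useful lifetime.
    max_session_ttl: 1h
```

Create it with `tctl create -f` and attach it to the bot when the bot is created; because the certificate is minted by Teleport's CA with this role's constraints encoded in it, the bot cannot reach a database user or name outside the allow list even if the pipeline's configuration is tampered with, and every session it opens shows up in the audit log under the bot's identity.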
