Eran Orzel
Dec 21 · 6 min read
A recent Forrester report found that about 63% of IT leaders claim developers lack the understanding and ability to implement proper security controls. Additionally, the same report says that 57% of organizations suffered security incidents related to exposed secrets in DevOps.
Modern applications need to communicate with other external applications, and they require internal service-to-service communication. This means numerous privileged credentials, or secrets, are required to access any service, application and data. The number of secrets in a modern application can quickly scale. With greater scale and complexity, secrets are hard to keep. On top of leaked or compromised secrets, security teams don’t even know what to protect, thus making an already bad problem worse.
It is not enough to merely put in a few security practices to manage secrets. It is crucial to optimize these practices over time. Once secrets are compromised, even a novice cybercriminal can cause great damage.
Secrets management involves securing the lifecycle of credentials, tokens, passwords, and other sensitive information by consistently enforcing security policies. It protects critical assets and resources across tool stacks, platforms, and cloud environments from unauthorized access.
Secrets are non-human privileged credentials that are used to perform digital authentication when privileged users need to access sensitive applications or data. They can take multiple forms.
These are usually username and password combinations used for verification of physical users and for granting access to protected data, services, or endpoints. They are bound to a particular user.
Connection strings connect applications to a database server. So it would contain all the credentials (secrets) required to establish a connection to the target database or file.
These ensure secure communication over risky mediums and help in identity verification and user authentication. Secrets contain both encryption and decryption keys.
Secrets required to access data, resources and servers provided by cloud service providers. They contain credentials required to confirm authentication of users accessing cloud resources.
Secrets required to identify the source of an API request.
Secrets needed to make API requests in support of a user.
Secrets management best practices help minimize the risk of compromising sensitive data and eliminate the chances of unauthorized agents gaining access to critical resources. They help in ensuring complete protection at every phase of a secret’s lifecycle – from creation to deletion.
Managing and securing the integrity of secrets is a hard task with no room for failure. There are numerous factors that need to be taken into account. Therefore, it’s easy to give in to bad practices that lead up to major pitfalls.
Hardcoding or embedding credentials into the source code of an application is risky and can be used by malicious actors to grab access keys, escalate privileges, view secrets, and gain unrestricted access to cause all sorts of damage. A lack of revoking user credentials and periodic rotation of keys can also lead to intruders getting hold of sensitive data and breaching the security of an organization.
When secrets are scattered throughout a system in plain text, it can create several issues but the most significant ones are a lack of visibility, control, and an abundance of unknowability. If secrets are littered across an infrastructure, there is no way of finding out where a breach is and how to fix it.
Organizations need to set clear rules of security policies to secure and control all stages of a secret’s lifecycle.
Secrets are passwords, connection strings and any information that, if exposed, can put an organization at risk. It should only be known to an application and the authenticated users and services. Other information present in a system like identifiers need to be shared selectively which means although they are public, they shouldn’t be guessable by third parties.
Identifiers also need to be unique across all clients of an authorization server. Passwords and keys associated with identifiers usually classify as secrets. Identifiers are at significantly lower risk than secrets and that is precisely why it’s important to have a clear differentiation between them. Secrets need to be managed better than information like identifiers are managed because they carry a bigger risk of causing significant damage to applications and enterprises if leaked.
A system has multiple parts – some that can be completely trusted, some that can be partially trusted and some that are so vulnerable that they cannot be trusted at all. It is important to identify these parts so that a circle of trust can be established. It is best to reveal secrets only to entities that can either be completely trusted (CPU, RAM etc.,) or partially trusted (employees with explicit privileges) and are a part of the circle of trust as this reduces the risk of a breach.
When secrets pass through a system, it goes through multiple steps and various entities. Each step is a link and all the links together form a chain. It is crucial to have complete visibility across the entire chain. This helps eliminate blind spots that can be vulnerable to infiltration. It also helps have control over what trusted parts of the system have access to the secrets.
Ensure that all sensitive data is encrypted by a key management service (KMS) as it encrypts data at multiple levels making it extra secure. It helps encrypt entire files and individual pieces of data within that file with different encryption keys. This helps control what part of a data is shared and what is withheld.
Once in use, a secret should be changed periodically. When secrets stay the same for a long time, multiple people get access to it and can end up compromising it. These compromised secrets can either be unconsciously leaked by employees or be hacked by malicious agents.
Automated machine-generated passwords are random and unique which makes them less susceptible to hackers. Manually generated passwords can be easily cracked which is why they need to be ditched in favour of automated password generation.
Secrets management platforms are software applications that are designed to securely store secrets. They prevent secrets from being embedded in code or saved in any part of the system that is unnecessary and insecure.
Users and applications that have high privileges also have access to sensitive and critical data and resources. So, this can become one of the key ways of leaking data, either consciously or unconsciously. This is precisely why it is important to follow the principle of least privilege wherein any user or application is given only those privileges that are needed to accomplish their task. If a user doesn’t require an access, they shouldn’t be given one.
Additionally, privilege elevation should be granted for a valid reason and should be limited in time. Privileged sessions should be closely monitored to improve oversight and accountability.
In spite of following best practices, some kind of compromise or infiltration is inevitable. When this happens, the most important part is being able to detect unauthorized access. The quicker it is detected, the easier it will be to resolve it with minimum damage.
Managing and storing secrets is a big challenge that requires surveillance from even the most experienced developer. This is why enforcing secrets management best practices helps organizations establish standard security rules and procedures that protect secrets at all stages of its lifecycle.
Developing modern applications can be highly complex due to several disparate services…
On December 9th, the Log4Shell vulnerability (CVE-2021-44228) was published in a GitHub repository and made public….
While the big benefit of open source is the large developer community…
