SunnyVision obtains “secrets management” support from new open source Trousseau software
Ondat, the leading Kubernetes-native data platform provider, announced it is teaming with SUSE, a global leader in innovative, reliable and secure enterprise-grade open source solutions, to deliver management of digital authentication credentials (secrets management) in Kubernetes to protect access to sensitive data for SunnyVision, a data center infrastructure service provider. This comes just after the release of Ondat’s Trousseau open source project in February.
Top iTechnology Machine Learning News: Honely.com Signs Licensing Agreement for Its Property and Area Forecast APIs with Forescite, Inc.
Previously, secrets management in Kubernetes was complicated and added lots of components – anathema for security professionals. The Trousseau open source project addresses these issues, leading Ondat and SUSE to team up to provide this enhanced security for their customer, SunnyVision.
With SUSE Rancher and built-in Trousseau, SunnyVision can now leverage the native Kubernetes way to store and access secrets in a safe way by plugging into Hashicorp Vault using the Kubernetes KMS provider framework. No additional changes or new skills are required.
“Segregation of the encryption keys in our multi-tenant environment means every data volume has its own key and has secure access protected from any of the other tenants,” said Bill Wong, CEO, SunnyVision. “Trousseau guarantees the security of keys, and without it this sort of secure data storage for containers would be very complex and near impossible.”
Andy King, partner solution architect at SUSE, said, “The Ondat data platform is used by SunnyVision as the basis for its database as a service (DBaaS) which is attractive to managed service provider (MSP) customers. MSPs are able to build services on the DBaaS to provide customized solutions to their customers. The integration with SUSE Rancher to easily consume Key Management Systems (KMS) addresses the critical need for protecting sensitive data in cloud-native solutions deployed in the Kubernetes ecosystem.”
Top iTechnology Automation News: Shift Technology Achieves HITRUST Risk-based, 2-year Certification to Manage Risk, Improve Security Posture, and Meet Compliance Requirements
Trousseau uses Kubernetes etcd to store API object definitions and states. The Kubernetes secrets are shipped into the etcd key-value store database using an in-flight envelope encryption scheme with a remote transit key saved in a KMS. Secrets protected and encrypted with Trousseau and its native Kubernetes integration can connect with a key management system to secure database credentials, a configuration file or TLS (Transport Layer Security) certificate that contains critical information and is easily accessible by an application using the standard Kubernetes API primitives.
“Secrets management has always been one of the most difficult issues in Kubernetes,” said Romuald Vandepoel, principal cloud architect with Ondat and the project lead for Trousseau. “We’re glad to see Trousseau applied to that long-time problem being deployed at major installations as part of SUSE Rancher.”
Top iTechnology Robotics News: Plus One Robotics and Tompkins Robotics Announce Strategic Partnership to Deliver State of the Art Sorting and Picking for High-Volume Warehouses
[To share your insights with us, please write to sghosh@martechseries.com]
