We recently did a survey of popular DevOps tools. One finding was unsurprising: most of them are client-server based. The other was new to us: most of them are not encrypted. With tools like Chef, Puppet, Jenkins, etc., data packets between client and server travel in clear text.
Typically in a cloud deployment, there is a shared service VPC or management VPC where DevOps tools are deployed. Application instances are hosted in spoke VPCs. Most of the application images have agents installed, enabling them to be managed by servers residing in the management VPC.
DevOps tools, whether for build, configuration or test, initiate traffic between clients and servers that crosses the VPC network boundary. If it is all in clear text, sensitive data could be exposed.
Take a look at your own tools and ask your DevOps or CloudOps teams. If you can do more for data security and data privacy, you should. Encrypt all and any data in transit and at rest.
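One way to run that check on your own traffic, as an added example that is not from the original survey: the function below classifies the first client-to-server bytes of each flow (taken from a packet capture you already have) as a TLS ClientHello, cleartext HTTP, or other printable cleartext. The flow labels, addresses and payloads are constructed sample data.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"PATCH ", b"OPTIONS ")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        # TLS record header: content type 22 (handshake), version 3.x,
        # record length at most 2^14, first handshake message = ClientHello (1).
        if (ctype == 22 and major == 3 and minor <= 4
                and 0 < length <= 16384 and payload[5] == 1):
            return "tls"
    if payload.startswith(HTTP_METHODS):
        return "cleartext-http"
    # Mostly printable ASCII at the start suggests a text protocol in the clear.
    if payload and all(32 <= b < 127 or b in (9, 10, 13) for b in payload[:64]):
        return "cleartext-text"
    # Binary but not TLS: could be a proprietary protocol; needs manual review.
    return "unknown"


def unencrypted_flows(flows):
    """Return (label, verdict) for every flow that did not open with a TLS ClientHello."""
    results = []
    for label, payload in flows:
        verdict = classify_first_bytes(payload)
        if verdict != "tls":
            results.append((label, verdict))
    return results


# Constructed sample data: first client payload of three flows from
# spoke VPCs (10.1-10.3.x.x) to servers in the management VPC (10.0.0.x).
SAMPLE_FLOWS = [
    ("10.1.0.5 -> 10.0.0.10:8080",
     b"POST /agent/report HTTP/1.1\r\nHost: mgmt.example.internal\r\n"),
    ("10.2.0.7 -> 10.0.0.11:8443",
     bytes.fromhex("16030100c8010000c40303") + bytes(32)),
    ("10.3.0.9 -> 10.0.0.12:9000",
     b"REGISTER node=app-01 token=EXAMPLE\n"),
]

if __name__ == "__main__":
    for label, verdict in unencrypted_flows(SAMPLE_FLOWS):
        print(f"{label}: {verdict}")
```

A protocol that starts with a cleartext preamble and upgrades to TLS later in the connection is reported as cleartext here, so treat a hit as a prompt to inspect the rest of the flow.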
Below is a sample analysis of some of these tools. Let me know if your favorite one is missing.