Docker Introduces Container Native Secrets Management Solution
February 21, 2017

The latest release of Docker Datacenter includes container-native secrets management, a critical element for ensuring the security of production-grade applications across the entire software supply chain.

Secrets such as API keys, encryption keys and passwords are required for applications to securely interact and their safe operational management is critical to enterprise data integrity and security compliance strategies. Docker secrets management is integrated into Docker Datacenter and specifically architected for containerized environments, providing the only available solution for trusted delivery across any infrastructure. Docker secrets uniquely addresses enterprise requirements for “usable security” by providing a single standardized interface for all applications, making it easy to secure applications whether for Dev or Ops or for Dockerizing traditional apps or microservices. The secrets are encrypted in transit and at rest, leveraging Docker’s built in orchestration capabilities to deliver defined secrets only to the containers running the service associated with it.

“Docker Secrets is another example of bolstering containers with the security, encryption and other capabilities that enterprise organizations expect and demand,” said Jay Lyman, Principal Analyst with 451 Research. "As containers continue to move beyond test and development and pilot projects to production implementation in the enterprise, the ability to provide strong isolation, safer defaults and safer container applications is critical."

Docker Datacenter offers a security platform that provides container-native secrets management in combination with Docker’s other security capabilities such as image signing and verification, image scanning, automatic TLS encryption and more. Docker Datacenter offers enterprises a globally managed user base and integration with their directory services, providing the “glue” between all aspects of the application, the users in the organization and “rules” on how they are allowed to interact together from one end of the supply chain to the other. This means IT and security operations teams can define explicit policies aligned with their compliance rules, provide individual teams with granular access to specific secrets and enable these teams to apply secrets to certain applications. It is only with this comprehensive yet easy-to-use framework that organizations can be assured of safer applications across the entire software supply chain.

“Docker’s secret management capability is the latest security enhancement integrated into the Docker platform as part of our ongoing effort to ensure applications our safer in a containerized environment, ” said Nathan McCauley, Security Director at Docker “Enterprises in the financial services and government sectors with the highest bars for security have recognized that our solution can be a cornerstone to their overall hybrid cloud security strategy. Docker secrets management, as with all aspects of security handled in Docker Datacenter, provides organizations with one security model that can be applied and managed uniformly on premise, in the cloud and across cloud providers.”

Docker’s security solution is designed with both Dev and Ops workflows in mind. Docker presents both types of users with a common, standard interface to collaborate on the security profile of the application. Developers can continue to use their favorite Docker developer tools and simply add the appropriate secrets reference, while Ops can take that file, deploy directly to production and even move to a different infrastructure - without any change to the app or the security profile. This reduces complexity and friction when adopting additional security practices into an existing application pipeline.

Trusted delivery is critical to safeguarding not only the secrets (so they stay secret) but more importantly, it is vital for the integrity of the the applications themselves. Docker includes a default encrypted distributed datastore as a default component of its built in orchestration solution. With this approach, secrets are encrypted at rest in the cluster managers. When containers are provisioned, the secrets are delivered to those containers securely over an encrypted TLS connection. The secrets are always secure because they are only delivered to the authorized application running in the container and are never saved to the nodes in the cluster, so organizations can be assured that their applications are always safer when deployed in a Docker environment.

Portability is a fundamental characteristic of what Docker provides for all applications, ensuring that the integrity of the application is maintained across all environments. This is critical for enterprises embarking on hybrid-cloud or multi-cloud strategies and helps avoid siloed security approaches. Docker Datacenter, with its tight enterprise directory systems integration and fine-grained RBAC model, allows for a uniform application security model backed by common tooling. From a compliance standpoint, this means enterprises can streamline their efforts and upgrade traditional applications to a modern security architecture without rewriting code

Secrets management is available in Docker Datacenter as part of Docker’s 1.13.1 release.

Share this

Industry News

January 16, 2020

VAST Data announced the general availability of its new Container Storage Interface (CSI).

January 16, 2020

Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment.

January 16, 2020

WhiteHat Security will offer free application scanning services to federal, state and municipal agencies in North America.

January 15, 2020

Micro Focus announced the release of Micro Focus AD Bridge 2.0, offering IT administrators the ability to extend Active Directory (AD) controls from on-premises resources, including Windows and Linux devices to the cloud - a solution not previously offered in the marketplace.

January 15, 2020

SaltStack announced the availability of three new open-source innovation modules: Heist, Umbra, and Idem.

January 15, 2020

ShiftLeft announced a partnership and deep integration with CircleCI that enables organizations to insert security directly into developer pull requests from code repositories.

January 14, 2020

Containous closed $10 million in Series A funding.

January 13, 2020

JFrog announced the launch of the free ConanCenter, enabling better search and discovery while streamlining C/C++ package management.

January 13, 2020

Perfect Sense launched Gyro - a cloud management tool that mitigates the risks associated with manually provisioning and managing infrastructure, lack of standards in configurations, and unpredictable results from changes to cloud infrastructure.

January 13, 2020

Synopsys has completed the acquisition of Tinfoil Security, a provider of dynamic application security testing (DAST) and Application Program Interface (API) security testing solutions.

January 09, 2020

IT Revolution, the industry leader for advancing DevOps, opened its call for presentations for both DevOps Enterprise Summit 2020 events in London and Las Vegas.

January 08, 2020

Anchore announced the immediate availability of Anchore Enterprise 2.2.

January 08, 2020

TigerGraph announced new functionality and performance for TigerGraph Cloud.

January 07, 2020

Compuware Corporation announced a CloudBees Technical Alliance Partner Program (TAPP) Premier Partnership and new advancements to Topaz that together enable organizations to quickly achieve low-risk, low-cost mainframe modernization by fully leveraging their existing mainframe resources.

January 07, 2020

Allegro A officially welcomes Allegro Trains Agent to the Allegro Trains ecosystem.