Docker Introduces Container Native Secrets Management Solution
February 21, 2017

The latest release of Docker Datacenter includes container-native secrets management, a critical element for ensuring the security of production-grade applications across the entire software supply chain.

Secrets such as API keys, encryption keys and passwords are required for applications to securely interact and their safe operational management is critical to enterprise data integrity and security compliance strategies. Docker secrets management is integrated into Docker Datacenter and specifically architected for containerized environments, providing the only available solution for trusted delivery across any infrastructure. Docker secrets uniquely addresses enterprise requirements for “usable security” by providing a single standardized interface for all applications, making it easy to secure applications whether for Dev or Ops or for Dockerizing traditional apps or microservices. The secrets are encrypted in transit and at rest, leveraging Docker’s built in orchestration capabilities to deliver defined secrets only to the containers running the service associated with it.

“Docker Secrets is another example of bolstering containers with the security, encryption and other capabilities that enterprise organizations expect and demand,” said Jay Lyman, Principal Analyst with 451 Research. “As containers continue to move beyond test and development and pilot projects to production implementation in the enterprise, the ability to provide strong isolation, safer defaults and safer container applications is critical.”

Docker Datacenter offers a security platform that provides container-native secrets management in combination with Docker’s other security capabilities such as image signing and verification, image scanning, automatic TLS encryption and more. Docker Datacenter offers enterprises a globally managed user base and integration with their directory services, providing the “glue” between all aspects of the application, the users in the organization and “rules” on how they are allowed to interact together from one end of the supply chain to the other. This means IT and security operations teams can define explicit policies aligned with their compliance rules, provide individual teams with granular access to specific secrets and enable these teams to apply secrets to certain applications. It is only with this comprehensive yet easy-to-use framework that organizations can be assured of safer applications across the entire software supply chain.

“Docker’s secret management capability is the latest security enhancement integrated into the Docker platform as part of our ongoing effort to ensure applications are safer in a containerized environment,” said Nathan McCauley, Security Director at Docker. “Enterprises in the financial services and government sectors with the highest bars for security have recognized that our solution can be a cornerstone to their overall hybrid cloud security strategy. Docker secrets management, as with all aspects of security handled in Docker Datacenter, provides organizations with one security model that can be applied and managed uniformly on premise, in the cloud and across cloud providers.”

Docker’s security solution is designed with both Dev and Ops workflows in mind. Docker presents both types of users with a common, standard interface to collaborate on the security profile of the application. Developers can continue to use their favorite Docker developer tools and simply add the appropriate secrets reference, while Ops can take that file, deploy directly to production and even move to a different infrastructure - without any change to the app or the security profile. This reduces complexity and friction when adopting additional security practices into an existing application pipeline.

Trusted delivery is critical to safeguarding not only the secrets (so they stay secret) but, more importantly, the integrity of the applications themselves. Docker includes an encrypted distributed datastore as a default component of its built-in orchestration solution. With this approach, secrets are encrypted at rest in the cluster managers. When containers are provisioned, the secrets are delivered to those containers securely over an encrypted TLS connection. The secrets are always secure because they are only delivered to the authorized application running in the container and are never saved to the nodes in the cluster, so organizations can be assured that their applications are always safer when deployed in a Docker environment.

Portability is a fundamental characteristic of what Docker provides for all applications, ensuring that the integrity of the application is maintained across all environments. This is critical for enterprises embarking on hybrid-cloud or multi-cloud strategies and helps avoid siloed security approaches. Docker Datacenter, with its tight enterprise directory systems integration and fine-grained RBAC model, allows for a uniform application security model backed by common tooling. From a compliance standpoint, this means enterprises can streamline their efforts and upgrade traditional applications to a modern security architecture without rewriting code.

Secrets management is available in Docker Datacenter as part of Docker’s 1.13.1 release.
