Docker Introduces Container Native Secrets Management Solution
February 21, 2017

The latest release of Docker Datacenter includes container-native secrets management, a critical element for ensuring the security of production-grade applications across the entire software supply chain.

Secrets such as API keys, encryption keys and passwords are required for applications to securely interact and their safe operational management is critical to enterprise data integrity and security compliance strategies. Docker secrets management is integrated into Docker Datacenter and specifically architected for containerized environments, providing the only available solution for trusted delivery across any infrastructure. Docker secrets uniquely addresses enterprise requirements for “usable security” by providing a single standardized interface for all applications, making it easy to secure applications whether for Dev or Ops or for Dockerizing traditional apps or microservices. The secrets are encrypted in transit and at rest, leveraging Docker’s built in orchestration capabilities to deliver defined secrets only to the containers running the service associated with it.

“Docker Secrets is another example of bolstering containers with the security, encryption and other capabilities that enterprise organizations expect and demand,” said Jay Lyman, Principal Analyst with 451 Research. "As containers continue to move beyond test and development and pilot projects to production implementation in the enterprise, the ability to provide strong isolation, safer defaults and safer container applications is critical."

Docker Datacenter offers a security platform that provides container-native secrets management in combination with Docker’s other security capabilities such as image signing and verification, image scanning, automatic TLS encryption and more. Docker Datacenter offers enterprises a globally managed user base and integration with their directory services, providing the “glue” between all aspects of the application, the users in the organization and “rules” on how they are allowed to interact together from one end of the supply chain to the other. This means IT and security operations teams can define explicit policies aligned with their compliance rules, provide individual teams with granular access to specific secrets and enable these teams to apply secrets to certain applications. It is only with this comprehensive yet easy-to-use framework that organizations can be assured of safer applications across the entire software supply chain.

“Docker’s secret management capability is the latest security enhancement integrated into the Docker platform as part of our ongoing effort to ensure applications our safer in a containerized environment, ” said Nathan McCauley, Security Director at Docker “Enterprises in the financial services and government sectors with the highest bars for security have recognized that our solution can be a cornerstone to their overall hybrid cloud security strategy. Docker secrets management, as with all aspects of security handled in Docker Datacenter, provides organizations with one security model that can be applied and managed uniformly on premise, in the cloud and across cloud providers.”

Docker’s security solution is designed with both Dev and Ops workflows in mind. Docker presents both types of users with a common, standard interface to collaborate on the security profile of the application. Developers can continue to use their favorite Docker developer tools and simply add the appropriate secrets reference, while Ops can take that file, deploy directly to production and even move to a different infrastructure - without any change to the app or the security profile. This reduces complexity and friction when adopting additional security practices into an existing application pipeline.

Trusted delivery is critical to safeguarding not only the secrets (so they stay secret) but more importantly, it is vital for the integrity of the the applications themselves. Docker includes a default encrypted distributed datastore as a default component of its built in orchestration solution. With this approach, secrets are encrypted at rest in the cluster managers. When containers are provisioned, the secrets are delivered to those containers securely over an encrypted TLS connection. The secrets are always secure because they are only delivered to the authorized application running in the container and are never saved to the nodes in the cluster, so organizations can be assured that their applications are always safer when deployed in a Docker environment.

Portability is a fundamental characteristic of what Docker provides for all applications, ensuring that the integrity of the application is maintained across all environments. This is critical for enterprises embarking on hybrid-cloud or multi-cloud strategies and helps avoid siloed security approaches. Docker Datacenter, with its tight enterprise directory systems integration and fine-grained RBAC model, allows for a uniform application security model backed by common tooling. From a compliance standpoint, this means enterprises can streamline their efforts and upgrade traditional applications to a modern security architecture without rewriting code

Secrets management is available in Docker Datacenter as part of Docker’s 1.13.1 release.

Share this

Industry News

January 25, 2021

Progress announced the new release of Progress Kendo UI, a complete collection of JavaScript UI components.

January 25, 2021

CloudNatix announced the close of a $4.5M Seed round financing led by DNX Ventures, with the participation from a new investor Cota Capital and existing investors: Incubate Fund, Vela Partners and 468 Capital.

January 25, 2021

Quali announced $54 million in new funding, co-led by Greenfield Partners and JVP.

January 21, 2021

Platform9 released Platform9 Release 5.0, with a number of new features to provide operational efficiencies for its freedom, growth, and enterprise managed Kubernetes products.

January 21, 2021

Infragistics announced the release of Infragistics Ultimate 20.2, a complete UX and UI solution for  design and development teams  which is fully compatible with .NET 5, Microsoft’s latest  release of .NET development platform.

January 21, 2021

Couchbase Cloud is now available on Microsoft Azure.

January 20, 2021

Hitachi Vantara announced the availability of Hitachi Kubernetes Service, enabling customers to consistently and securely deploy, manage, monitor, and govern Kubernetes clusters across major cloud providers and on premises.

January 20, 2021

Internal announced the launch of an enterprise-ready app development platform for internal tools.

January 20, 2021

StackPulse announced a $20 million Series A led by GGV Capital.

January 19, 2021

GitLab announced GitLab Ultimate for IBM Cloud Paks, which is designed to help streamline team collaboration and increase team productivity with a comprehensive, easy-to-use DevOps platform.

January 19, 2021

Fugue announced new capabilities for bringing public cloud container resources into compliance and ensuring the continuous security of container runtime configurations.

January 19, 2021

Rookout announced new functionality that empowers software developers to debug other people’s code.

January 14, 2021

Oracle is making its popular APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily.

January 14, 2021

Parasoft announced its C/C++test update to support IAR Systems' build tools for Linux for Arm.

January 14, 2021

Harness raised $115 million in financing, reaching a valuation of $1.7 billion in just three years after launching from stealth.