Home > blog > Launching Secrets Management

Launching Secrets Management

When you build up complex, powerful features in an application it often a good idea to work with another application that is already best in its class. Done right this can yield pretty amazing results. The new secrets management in OneOps is a good example for this approach as it uses the great tool Keywhiz from Square.

Our new secrets management system was implemented by great teamwork across multiple teams at Walmart all working together with Square on Keywhiz-related improvements and configuration and the OneOps-related improvements.

And we ended up with a pretty impressive setup with the following components:

  • A large, fail-safe deployment of Keywhiz servers and backing database systems for secrets storage encrypted with HSMs
  • A deployment of the new OneOps Secrets Proxy
  • A pre-configured binary of the OneOps Secrets CLI for user convenience
  • Addition of the secrets client component to all platforms

The setup allows usage of secrets such as username/password information in files, certificates, keys, tokens and others to be managed in a secure manner end to end. Your OneOps assemblies can access these secrets on your computes as desired and the management and provisioning to the computes is completely secure.

Our deployment is using over a dozen Keywhiz servers and is mostly likely one of the largest Keywhiz production deployments. It is scaled to handle well beyond 100.000 computes with secret clients.

To allow users to ramp up usage quickly, we have created a new training class - OneOps User Training: Level 3 - Advanced Examples that adds secrets management as a first module.

A special thank you has to go out to the team at Square. We look forward to further collaboration!

OneOps Team

 

OneOps Team Blog

Whether we are planning an event, make a new release available, present at a conference or user group meeting or have something cool to share. The OneOps Team Blog here is the place to be for the latest news and more on OneOps.

You might also be curious about what happens In The Press and Elsewhere.

But now, here is the latest from the OneOps team - unless you want to see it all in the archive.