Security at Inception: Ansible Orchestration Meets Security Management


This session provides practical guidance and tips for improving the security of automation processes which run on Ansible, including examples of how to leverage popular enterprise and open source tools for secrets management, as well as other tips to strengthen security.

Except, of course, for you... Humans are not perfect. We don’t follow code and we’re not robots. We also have a lot of things going on at once, and from time to time we need a break. Human processes are manual processes, and today an alarming number of organizations take on manual tasks managing credentials and onboarding secrets into their secret service of choice.

Too frequently, human error or the absence of process results in inadvertent security vulnerabilities. When poorly secured processes are automated, or the automation solutions themselves are not secured, those vulnerabilities simply scale and unnecessarily expose the enterprise.

This session provides practical guidance and tips for improving the security of automation processes, specifically using Ansible, to reduce human error, increase agility and reduce stress, all while establishing a high level of security.

The talk covers real-world examples of the different methods enterprises have used to secure their Ansible environments, including:
• Utilization of popular enterprise and open source secrets management solutions to secure Ansible, including examples of writing Ansible roles such as infamousjoeg.provisioning to automate the onboarding of secrets as they’re created.
• Utilization of Ansible’s built-in cyberarkpassword lookup plugin to remove SSH private keys and root account passwords from inventory files and Ansible playbooks, instead retrieving them securely “just-in-time” (JIT) to log in to remote target hosts.
• Utilization of request-based applications, such as ServiceNow, to further automate the credential onboarding process in tandem with Ansible orchestration.
You’ll leave the session with practical tips and tools so you can immediately start strengthening the security of your Ansible processes and playbooks.




Joe Garcia, CyberArk