Okta, a major provider of cloud-based user identity and authentication services, this week announced Okta Starter Developer Edition at their annual user conference in San Francisco. The developer security service, which is designed to upgrade devops orchestration pipeline security, is available for free. For more information or to sign up check this link.
All Toolchains and Pipelines Need Security
When Salesforce devops practitioners create devops toolchains, the issue of credential management quickly arises. In fact, managing all the credentials, and who or what gets access to those credentials, can quickly become not only a management crisis, but a security vulnerability. Credential management can get extreme in some situations, requiring a service mesh to keep track of everything.
Okta wants developers to get ahead of the game by using Okta Starter Developer Edition to organize all of the credentials needed for orchestration. The service may be used to centrally store credentials used to access various cloud-based services. Developers then gain access to those credentials based on their personal identity.
Salesforce devops engineers probably do not think they need a separate, cloud-based credential management system. Frequently, however, the need for credential management comes up due to disorganization issues or a security incident. Introducing a credential management strategy early on in a devops management process prevents costly retrofits or security incidents. So it makes sense to audit credential management to see if there are any obvious vulnerabilities or inefficiencies that products like Okta could address.
Check For Secrets Starting Today
Starting today, teams who are not ready for a credential management system must take the minimum precautions against leaking orchestration pipeline credentials. Start by enforcing the use of credential file names and the appropriate .gitignore file contents. That will keep credentials out of Git repositories, where they end up all too often. Consider using Git repository scanning tools that look for credential patterns.
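A minimal version of both checks, as an added example that is not from the original post or from Okta: it reports which agreed credential file names are missing from .gitignore and flags tracked files that match a credential name or contain a credential pattern. The file-name convention, the function names and the sample data are assumptions made for illustration.

```python
import fnmatch
import re

# Assumption: the team agrees credentials may only live in files named like this.
CREDENTIAL_FILE_GLOBS = [".env", "*.key", "*.pem", "sfdx-auth-url.txt"]

# Content patterns for two credential formats common in Salesforce pipelines.
CONTENT_PATTERNS = {
    "private key block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "sfdx auth URL": re.compile(r"force://[^\s@]+@[\w.-]+"),
}

def missing_ignore_rules(gitignore_text):
    """Return the credential globs that have no line of their own in .gitignore.

    Simplification: exact line comparison, not full gitignore pattern semantics.
    """
    rules = {line.strip() for line in gitignore_text.splitlines()
             if line.strip() and not line.strip().startswith("#")}
    return [glob for glob in CREDENTIAL_FILE_GLOBS if glob not in rules]

def scan_files(files):
    """files maps path -> text. Return sorted (path, reason) findings."""
    findings = []
    for path, text in files.items():
        name = path.rsplit("/", 1)[-1]
        for glob in CREDENTIAL_FILE_GLOBS:
            if fnmatch.fnmatch(name, glob):
                findings.append((path, f"credential file name ({glob})"))
        for label, pattern in CONTENT_PATTERNS.items():
            if pattern.search(text):
                findings.append((path, label))
    return sorted(findings)

# Constructed sample input: no real keys or tokens.
SAMPLE_GITIGNORE = "# local settings\n.env\n*.pem\n"
SAMPLE_TRACKED = {
    "scripts/deploy.sh": "echo deploying\n",
    "config/server.key": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n",
    "ci/login.sh": "echo 'force://PlatformCLI::CONSTRUCTED@example.my.salesforce.com'\n",
}

if __name__ == "__main__":
    print("missing .gitignore rules:", missing_ignore_rules(SAMPLE_GITIGNORE))
    for path, reason in scan_files(SAMPLE_TRACKED):
        print(f"{path}: {reason}")
```

Any credential found in a tracked file should be treated as exposed and rotated, since removing the file in a later commit leaves it in the repository history.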
Keep Looking at Developer Security
Developer security needs constant reassessment. Salesforce devops toolchains and scripts need checking. Products offered by cloud-based security vendors like Okta can sometimes help with improving the efficiency and security of day-to-day operations.
About Vernon Keenan
Vernon Keenan (LinkedIn) works as a senior information technology industry consultant based in Oakland, California.
He earned his B.Sc. in Biomedical Engineering at Northwestern University where he programmed a PDP-8 with punched paper tape.
In his 34-year-long career he has been a teacher, SPSS programmer, database administrator, clinical researcher, technology journalist, product marketing manager, market researcher, management consultant, and industry analyst. Most recently he is a telecom operator, cloud architect, Go devops engineer and Salesforce Developer/Architect.
For inquiries about Salesforce strategy briefings or solution architect work please contact Vern directly at +1-510-679-1900 or firstname.lastname@example.org.