Opsera Automates Secrets Security with GitCustodian

Opsera, a leading SaaS devops platform vendor based in San Francisco, this week announced a new service called GitCustodian, which lets platform owners avoid spilling their secrets in source code repositories. “Source code vulnerabilities have the potential to cost organizations hundreds of millions or even billions of dollars a year due to breaches from cyberattackers,” said Gilbert Martin, VP of customer success and solutions at Opsera. “GitCustodian scans and alerts security teams of vulnerable secrets lurking in source code repositories before it’s too late. These teams are now empowered to proactively enforce secure software development lifecycle best practices through orchestrated secrets governance making source code vulnerabilities a thing of the past,” added Mr. Martin in a press release.

Secrets Security is a Must-Have

In a system integration project, the term "secrets" generally refers to the strings and files used to access external systems. Programs such as devops pipelines present secrets to external systems to gain access, much as a user presents a username-password combination. A secret is usually an alphanumeric string less than 120 characters in length, but it may also be a JSON file or a cryptographic key.

I, like most developers, have made mistakes with secrets when using source code repositories. Once, I was super excited to get a $2,000 free Google Cloud Platform (GCP) grant. I was all smug and happy after I got my first Kubernetes cluster up and running. Then the next day, when I was getting ready to use the cluster, my account balance was negative! What happened?

Well, I had, like an idiot, saved my GCP project credentials in a public GitHub repository. It didn’t take long for a cybercriminal to scan the repo and find the credentials. The bad actor then used the credentials to spin up a massive cryptocurrency compute job, and my $2,000 was gone almost instantly. I begged Google for forgiveness, and at least I didn’t have to pay back the negative balance.

Enterprises don’t store their source code in public repos, but secrets management is still a must-have. System integration projects frequently incorporate sensitive information, and that information needs to be protected from internal threat actors. If you’re not fully up on Zero Trust security, then threat actors with access to an internal network can scan for secrets in source code repositories.
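A minimal scan for the three forms of secret described above (a short string, a JSON credential file, a cryptographic key), added here as an illustration; it is not Opsera's code and does not represent how GitCustodian works. The variable-name pattern, the 3.5-bit entropy threshold and the sample files are assumptions constructed for this example.

```python
import json
import math
import re

# Assumption: credential-like variable names. The 16-119 character range
# follows the article's "less than 120 characters" description.
ASSIGN = re.compile(
    r"(?i)\b\w*(?:secret|token|passw(?:or)?d|api_?key)\w*\s*[:=]\s*"
    r"['\"]([A-Za-z0-9_\-+/=]{16,119})['\"]")
PEM = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in map(s.count, set(s)))

def scan(path, text):
    """Return a list of (path, line_no, kind) findings for one file."""
    findings = []
    try:
        # JSON form: a whole-file credential such as a GCP service account key.
        doc = json.loads(text)
        if (isinstance(doc, dict) and doc.get("type") == "service_account"
                and "private_key" in doc):
            findings.append((path, 1, "json-credential"))
    except ValueError:
        pass  # not JSON; fall through to the line checks
    for line_no, line in enumerate(text.splitlines(), 1):
        if PEM.search(line):
            findings.append((path, line_no, "private-key"))
        m = ASSIGN.search(line)
        # The entropy floor (assumed 3.5 bits) filters obvious placeholders.
        if m and entropy(m.group(1)) >= 3.5:
            findings.append((path, line_no, "string-secret"))
    return findings

def scan_repo(files):
    """Scan a {path: text} mapping in path order."""
    return [f for path, text in sorted(files.items()) for f in scan(path, text)]

# Constructed sample repository contents; none of these are real credentials.
SAMPLE_REPO = {
    "deploy/settings.py": 'DEBUG = True\nAPI_TOKEN = "q7Zr2LxP9vKd4TnW8sYb3HcM"\n'
                          'DB_PASSWORD = "changeme-changeme-changeme"\n',
    "gcp-key.json": json.dumps({"type": "service_account",
                                "project_id": "example-project",
                                "private_key": "CONSTRUCTED-PLACEHOLDER"}),
    "certs/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed, body omitted)\n",
    "README.md": "Secrets are loaded from the vault at run time.\n",
}

if __name__ == "__main__":
    for path, line_no, kind in scan_repo(SAMPLE_REPO):
        print(f"{path}:{line_no}: {kind}")
```

The low-entropy `DB_PASSWORD` placeholder is deliberately not reported, which shows the trade-off such a filter makes between noise and missed weak passwords.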

Opsera GitCustodian and Vault Work Together

Devops pipelines use secrets all the time. Platforms like Opsera frequently orchestrate actions from a variety of external systems that require secrets for access. And developers frequently make mistakes like mine when setting up new projects.

With this announcement, Opsera has a nice one-two-punch story for secrets management. GitCustodian is the first punch. It automatically scans designated repos from the Opsera software-as-a-service (SaaS) platform. It works as the first line of defense to help developers quickly find mistakes. Once a secret is found, Opsera starts remediation actions through Slack, Jira, or other application lifecycle management (ALM) tools.

The second punch is Opsera Vault, which is a secure platform for managing and distributing secrets at run-time. Opsera Vault, which is based on HashiCorp Vault, provides the framework for securely storing and disseminating secrets efficiently. There is an integration between GitCustodian and Vault. When GitCustodian finds a new secret, it passes it along to Vault for proper management.

Platform Integration is Key

Multi-SaaS platform management is a looming issue for most enterprises. Opsera addresses this need by running a low-code SaaS platform that manages other SaaS platforms. With its SaaS solution, Opsera gives enterprises a centralized, online place for teams to write and manage SaaS devops pipelines.

The SaaS and Salesforce devops platform industry is still growing and maturing. One measure of each company’s success will be the degree to which each one integrates all the pieces that go into a cohesive devops platform. Eventually, the most successful platforms will integrate all 11 functional devops categories described in the SalesforceDevops.net Industry Map.

Opsera already has a strong integration story with nearly 75 external services listed in its catalog of integrations. With GitCustodian, Opsera steps up its cybersecurity game by launching an integrated secrets management service for SaaS devops.