1Password launched a solution to help streamline how companies manage and secure
infrastructure secrets throughout the entire development lifecycle - from the
first line of code into production. Today's abundance of technology
vulnerabilities leaves proprietary company details susceptible to attacks from
bad actors as well as human error from employees. 1Password's new features,
including CI/CD integrations and 1Password Shell Plugins, allow developers to
keep their code secure by managing keys, credentials and secrets, as projects
move through different environments.

"True business security requires that we address vulnerabilities, not just at one or two points, but
throughout the entire development lifecycle. We've streamlined how developers
manage infrastructure secrets, while also providing them with stronger,
better-integrated security from one stage of a project lifecycle to the next,"
said Steve Won, chief product officer at 1Password. "We're passionate about our
developer community and are committed to helping them reduce busywork by
improving usability and security. The developer workflow is a critical pillar
of our roadmap in 2023, which includes a promise to make their lives as easy as
possible."

In its report 'Hiding in Plain Sight,' 1Password looks at how secrets
mismanagement poses a cybersecurity threat to businesses and costs companies
$1.2 million annually. The report also found that 80% of IT/DevOps
organizations admit to not managing their secrets well, and that half of IT/Dev
workers don't know how many locations their company secrets are scattered
across, saying there are too many to count. Moreover, 60% of IT/DevOps
organizations have experienced secrets leakage in some form.

The software development lifecycle typically comprises several stages that move
through coding, building, testing, deployment and operation. While Developer
Tools (coding and building) helps secure development credentials, and Secrets
Automation (operation) secures enterprises' infrastructure and
machine-to-machine secrets, the new features announced today will help bridge
gaps within the development lifecycle to offer protection for testing,
deployment and beyond:
- 1Password Shell Plugins: Allow developers to sign in to any CLI with a
  fingerprint, by storing their API access keys in 1Password. This makes it
  possible to sync credentials, in encrypted vaults, across devices and
  eliminates the need to store plaintext keys on disk. Developers can install
  existing plugins for their toolchain via the 1Password CLI and can build
  their own plugins via the open source community project.
- CI/CD Integrations: Enable developers to secure secrets in 1Password and
  access them directly within CI/CD environments with pre-built integrations
  for CircleCI, GitHub Actions, and Jenkins. Developers can reference secrets
  directly within jobs and can update as needed within 1Password without
  requiring admin access for their CI/CD platform.
- Git Commit Signing: Allows developers to sign their Git commits and receive a
  "verified" badge on GitHub and GitLab via SSH keys that are generated,
  configured and stored in 1Password.

"Many of our users rely on GitLab to shorten code review cycles, increase their developer productivity and
strengthen overall security at every step," said Kai Armstrong, senior product
manager at GitLab. "1Password's latest rollout is an important development in
that last bucket. Launching Shell Plugins will help ensure developers can
access our tools in their terminals as quickly and securely as possible."