Virtualization Technology News and Information
1Password's New Tools Secure Entire Software Development Lifecycle

1Password launched a solution to help streamline how companies manage and secure infrastructure secrets throughout the entire development lifecycle - from the first line of code into production. Today's abundance of technology vulnerabilities leaves proprietary company details susceptible to attacks from bad actors as well as human error from employees. 1Password's new features, including CI/CD integrations and 1Password Shell Plugins, allow developers to keep their code secure by managing keys, credentials and secrets, as projects move through different environments. 

"True business security requires that we address vulnerabilities, not just at one or two points, but throughout the entire development lifecycle. We've streamlined how developers manage infrastructure secrets, while also providing them with stronger, better-integrated security from one stage of a project lifecycle to the next," said Steve Won, chief product officer at 1Password. "We're passionate about our developer community and are committed to helping them reduce busywork by improving usability and security. The developer workflow is a critical pillar of our roadmap in 2023, which includes a promise to make their lives as easy as possible."

In its report ‘Hiding in Plain Sight,' 1Password looks at how secrets mismanagement poses a cybersecurity threat to businesses and costs companies $1.2 million annually. The report also found that 80% of IT/DevOps organizations admit to not managing their secrets well, and that half of IT/Dev workers don't know how many locations their company secrets are scattered across, with too many to count. Moreover, 60% of IT/DevOps organizations have experienced secrets leakage in some form.

The software development lifecycle typically comprises several stages that move through coding, building, testing, deployment and operation. Where Developer Tools (coding and building) helps secure development credentials, and Secrets Automation (operation) secures enterprises' infrastructure and machine-to-machine secrets, these new features announced today will help bridge gaps within the development lifecycle to offer protection for testing, deployment and beyond: 

  • 1Password Shell Plugins: Allow developers to sign in to any CLI with a fingerprint, by storing their API access keys in 1Password. This makes it possible to sync credentials, in encrypted vaults, across devices and eliminates the need to store plaintext keys on disk. Developers can install existing plugins for their toolchain via the 1Password CLI and can build their own plugins via the open source community project.
  • CI/CD Integrations: Enable developers to secure secrets in 1Password and access them directly within CI/CD environments with pre-built integrations for CircleCI, GitHub Actions, and Jenkins. Developers can reference secrets directly within jobs and can update as needed within 1Password without requiring admin access for their CI/CD platform.
  • Git Commit Signing: Allows developers to sign their Git commits and receive a "verified" badge on GitHub and GitLab via SSH keys that are generated, configured and stored in 1Password.

"Many of our users rely on GitLab to shorten code review cycles, increase their developer productivity and strengthen overall security at every step," said Kai Armstrong, senior product manager at GitLab. "1Password's latest rollout is an important development in that last bucket. Launching Shell Plugins will help ensure developers can access our tools in their terminals as quickly and securely as possible." 

Published Wednesday, December 07, 2022 10:06 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2022>