1Password, the leader in human-centric security and privacy, today launched a solution to help streamline how companies manage and secure infrastructure secrets throughout the entire development lifecycle – from the first line of code into production. Today’s abundance of technology vulnerabilities leaves proprietary company details susceptible to attacks from bad actors as well as human error from employees. 1Password’s new features, including CI/CD integrations and 1Password Shell Plugins, allow developers to keep their code secure by managing keys, credentials and secrets, as projects move through different environments.
“True business security requires that we address vulnerabilities, not just at one or two points, but throughout the entire development lifecycle. We’ve streamlined how developers manage infrastructure secrets, while also providing them with stronger, better-integrated security from one stage of a project lifecycle to the next,” said Steve Won, chief product officer at 1Password. “We’re passionate about our developer community and are committed to helping them reduce busywork by improving usability and security. The developer workflow is a critical pillar of our roadmap in 2023, which includes a promise to make their lives as easy as possible.”
In its report ‘Hiding in Plain Sight,’ 1Password looks at how secrets mismanagement poses a cybersecurity threat to businesses and costs companies $1.2 million annually. The report also found that 80% of IT/DevOps organizations admit to not managing their secrets well, and that half of IT/Dev workers don’t know how many locations their company secrets are scattered across, with too many to count. Moreover, 60% of IT/DevOps organizations have experienced secrets leakage in some form.
The software development lifecycle typically comprises several stages that move through coding, building, testing, deployment and operation. Where Developer Tools (coding and building) helps secure development credentials, and Secrets Automation (operation) secures enterprises’ infrastructure and machine-to-machine secrets, these new features announced today will help bridge gaps within the development lifecycle to offer protection for testing, deployment and beyond:
Also Read: How SOC Automation Solutions Can Address Complexity and Boost Performance
- 1Password Shell Plugins: Allow developers to sign in to any CLI with a fingerprint, by storing their API access keys in 1Password. This makes it possible to sync credentials, in encrypted vaults, across devices and eliminates the need to store plaintext keys on disk. Developers can install existing plugins for their toolchain via the 1Password CLI and can build their own plugins via the open-source community project.
- CI/CD Integrations: Enable developers to secure secrets in 1Password and access them directly within CI/CD environments with pre-built integrations for CircleCI, GitHub Actions, and Jenkins. Developers can reference secrets directly within jobs and can update as needed within 1Password without requiring admin access for their CI/CD platform.
- Git Commit Signing: Allows developers to sign their Git commits and receive a “verified” badge on GitHub and GitLab via SSH keys that are generated, configured and stored in 1Password.
“Many of our users rely on GitLab to shorten code review cycles, increase their developer productivity and strengthen overall security at every step,” said Kai Armstrong, senior product manager at GitLab. “1Password’s latest rollout is an important development in that last bucket. Launching Shell Plugins will help ensure developers can access our tools in their terminals as quickly and securely as possible.”
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.