Spectral, the developer-first cybersecurity company, announced the release of Teller, an open-source tool that helps developers securely retrieve and use sensitive access details. Teller is the first open source secret manager to solve the “last mile problem” when securing sensitive access details and to prevent data leaks stemming from misplaced secrets.
Organizations invest tremendous amounts of resources and effort to ensure that data is stored, transported and accessed securely. This includes storing all secrets and other sensitive information in vaults or secret stores, as well as following best practices when applications or services access and use secrets.
However, when developers need to access secrets, they often have to resort to using a homebrewed custom script or copying secrets from a vault to their local development environment. “Bad actors are hard at work every day trying to exploit the smallest missteps in handling sensitive information and when they succeed the results can be catastrophic,” says Dotan Nahum, CEO and founder of Spectral.
Teller solves this by providing a developer-friendly, standardized method of accessing and using secrets that keeps sensitive information safe.
Teller achieves this with a single unified and universal configuration for many secret providers and key stores that doesn’t contain any sensitive information. Instead, the configuration holds the instructions for how the secrets should be securely fetched when needed, employing a just-in-time and memory-only approach.
An additional benefit of using Teller is in preventing “secret sprawl”, where sensitive data spreads throughout the development environment and codebase, making it more difficult to secure and maintain secrets. This is mitigated by having one configuration file that can be used to safely access secrets from multiple vaults and secret stores.
Teller supports virtually all popular digital vaults, secret stores, and key stores such as AWS Secrets Manager, Google Secret Manager, Hashicorp Vault, Etcd, Consul, in addition to SaaS platforms like Heroku, Vercel, and many more.
“With Teller, we have drawn on our vast experience in DevSecOps and made an open source product that closes a significant attack vector.
Developers can now focus on moving quickly when working on new products and features, while still keeping their InfoSec team happy — we’re also seeing many other innovative uses of Teller by the same professionals in their organization, and we’re building on top of that experience,” Nahum added.
For more such updates follow us on Google News ITsecuritywire News.