Developers are familiar with using secrets within their code and during development work. Secrets typically take the form of:
- User credentials
- API keys
- Access tokens
- SSH keys
- pem files, etc
One of the primary uses of secrets is to secure access to systems, but they’re also used to sign cookies, encrypt data, protect the network, and more. And as organizations move to the cloud, implement microservices-based architectures, and adopt DevOps, the number of secrets a developer needs to work with proliferate.
Problems with Sharing Secrets
While a single developer can manage their own secrets fairly well, sharing secrets between development team members has always been problematic. When confronted with the choice of sharing secrets securely via difficult-to-use tools versus employing a simple, non-secure alternative, developers will often err on the side of ease of use. In fact, there are numerous examples of developers turning to Slack, email, wikis and even Github repos to share their secrets. Unfortunately, all of these easy alternatives ultimately defeat the purpose of creating a secret, namely security. To work around the problem, dev teams have:
- Kludged together their own in-house solution
- Deployed open source software, like Hashicorp’s Vault
- Purchased commercial products, like Thales’ nSheild Hardware Security Module (HSM)
ActiveState’s State Tool
ActiveState is taking a different tack. After all, if a solution is too hard to use, developers are unlikely to use it. But what if sharing secrets was as quick and easy as Slack or email, but far more secure? That’s where the ActiveState Platform CLI, the State Tool, comes in.
Want to learn more about the State Tool? Sign up for our upcoming webinar, The Secret to Managing Shared Secrets.