From YouTube: CyberArk Secrets Management in Red Hat OpenShift
Description
Overview and demo on Secretless which simplifies Kubernetes security at scale by centralizing secrets management across hybrid clouds with Red Hat OpenShift and CyberArk.
Presented by Dave Meurer, Principal Solution Architect for Red Hat.
Learn more at openshift.com
A
Then, within OpenShift, Conjur followers are running in one or more pods. These are read-only replicas of the leader. And finally, you have a handful of options to implement authentication to the Conjur follower and retrieve secrets for your application. One option is actually to retrieve secrets directly from the CyberArk secrets manager using REST API calls.
A
A less intrusive option is secrets injection. This provides secrets as dynamically created environment variables, rather than requiring the application to retrieve its own secrets. CyberArk provides an open source solution called Summon, which runs in an application image and retrieves secrets for your applications. But the most secure and least intrusive approach for handling secrets is with Secretless.
A
If you're interested in learning more about this demo or following along, you can head over to demo.openshift.com and choose the CyberArk Secrets Management for OpenShift workshop navigation item. That'll show you a page with a link to this lab guide. And if you're interested in doing a workshop within your organization, feel free to contact either CyberArk or Red Hat and we'd be happy to provide it for you. I'm going to show you one of the labs of this workshop. It's the fourth lab, around Secretless.
A
And everything you need to do within the lab is contained within the installation. So if I go to my user project here that I'm logged into and I check out the workloads, I can see there's a lab admin pod running. This provides all the documentation and scripts you need to run this demo.
A
If we take a look at that directory, you can see a bunch of YAML that's created. So one of the first steps that you would run is to use this lab cuddle command line. So lab cuddle has various options. It can create the YAMLs you need for the actual demo, so I'm just going to create the YAML files again, and let's just take a look at the app Secretless policy. This policy loads into CyberArk that you're going to use this Secretless Broker that we just talked about.
A
You can see this created the role now. I want to take a look at the Secretless YAML, and this is really the key part of the demo. You can see here that by using Secretless, you're not storing any sort of sensitive information within configuration files, so username and password are all parameterized, and then they use that keyword to grab the secrets. The application, the container, the developer have no idea what the credentials are at this point.
A
So, in fact, let me just jump over into the UI and show you those two pods running. Here's that app Secretless pod. By the way, I'll take a look real quick at the config map. This was created as well. You can see those keywords there that grab the Secretless information. But let's go into the app pod here, and that comes pre-loaded with a bunch of scripts as well.