Secretless Broker

Overview

Features

Release categoryGenerally Available

Privilege modeUnprivileged

Download this image

This will require authentication. View other options.

Description

Secretless Broker is a connection broker which relieves client applications of the need to directly handle secrets to target services such as databases, web services, SSH connections, or any other TCP-based service.

Secretless is designed to solve two problems. The first is loss or theft of credentials from applications and services, which can occur by:

Accidental credential leakage (e.g. credential checked into source control, etc)
An attack on a privileged user (e.g. phishing, developer machine compromises, etc)
A vulnerability in an application (e.g. remote code execution, environment variable dump, etc)

The second is downtime caused when applications or services do not respond to credential rotation and crash or get locked out of target services as a result. When the client connects to a target service through the Secretless Broker:

The client is not part of the threat surface.
- The client/app no longer has direct access to the password, and therefore cannot reveal it.
The client doesn’t have to know how to properly manage secrets
- Handling secrets safely involves some complexities, and when every application needs to know how to handle secrets, accidents happen. The Secretless Broker centralizes the client-side management of secrets into one code base, making it easier for developers to focus on delivering features.
The client doesn’t have to manage secret rotation
- Secretless is responsible for establishing connections to the backend, and can handle secret rotation in a way that’s transparent to the client.

To provide Secretless access to a target service, a Service Connector implements the protocol of the service, replacing the authentication handshake. The client does not need to know or use a real password to the service. Instead, it proxies its connection to the service through a local connection to Secretless. Secretless obtains credentials to the target service from a secrets vault (such as Conjur, a keychain service, text files, or other sources) via a Credential Provider. The credentials are used to establish a connection to the actual service, and Secretless then rapidly shuttles data back and forth between the client and the service.

Secretless Broker is currently licensed under ASL 2.0

Products using this container

CyberArk Secretless Broker

Secretless Broker can be used to securely connect your applications to services they need - without ever having to fetch or manage passwords and keys.

Security

Specifications

Image specifications

The following information was extracted from the dockerfile and other sources.

Canonical image ID	Secretless Broker
Summary	Secure your apps by making them Secretless
Description	The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.
Provider	CyberArk
Maintainer	CyberArk Software Ltd.
Repository name	Secretless-broker
Image version	1.7.31-769-bada8701
Architecture	amd64

Packages

Get this image

Terms & conditionsBefore downloading or using this Container, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the Container. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.

Registry tokens

Use a registry service account token to authenticate your container client. This allows you to pull images without using your personal Red Hat credentials, which is recommended for CI/CD pipelines and automated deployments.

Using Podman login

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using Podman login

Image identifiers

Manifest List Digest Recommended

Use this digest to pull the image on any supported architecture. It automatically selects the correct image for your system.

Image Digest

Unique identifier for this specific architecture's build. Use only if you need to pin exactly to this specific platform.

Features

Download this image

Description

Products using this container

CyberArk Secretless Broker

Type

Stream

Size

Digest

Category

Image specifications

Registry tokens

Using Podman login

Image identifiers

Red Hat login

Using Podman login

Image identifiers

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

Secretless Broker

Features

Download this image

Description

Products using this container

CyberArk Secretless Broker

Type

Stream

Size

Digest

Category

Image specifications

Registry tokens

Using Podman login

Image identifiers

Red Hat login

Using Podman login

Image identifiers