Secretless Broker

latest

1.7.30

Overview

Description

Secretless Broker is a connection broker which relieves client applications of the need to directly handle secrets to target services such as databases, web services, SSH connections, or any other TCP-based service.

Secretless is designed to solve two problems. The first is loss or theft of credentials from applications and services, which can occur by:

Accidental credential leakage (e.g. credential checked into source control, etc)
An attack on a privileged user (e.g. phishing, developer machine compromises, etc)
A vulnerability in an application (e.g. remote code execution, environment variable dump, etc)

The second is downtime caused when applications or services do not respond to credential rotation and crash or get locked out of target services as a result. When the client connects to a target service through the Secretless Broker:

The client is not part of the threat surface.
- The client/app no longer has direct access to the password, and therefore cannot reveal it.
The client doesn’t have to know how to properly manage secrets
- Handling secrets safely involves some complexities, and when every application needs to know how to handle secrets, accidents happen. The Secretless Broker centralizes the client-side management of secrets into one code base, making it easier for developers to focus on delivering features.
The client doesn’t have to manage secret rotation
- Secretless is responsible for establishing connections to the backend, and can handle secret rotation in a way that’s transparent to the client.

To provide Secretless access to a target service, a Service Connector implements the protocol of the service, replacing the authentication handshake. The client does not need to know or use a real password to the service. Instead, it proxies its connection to the service through a local connection to Secretless. Secretless obtains credentials to the target service from a secrets vault (such as Conjur, a keychain service, text files, or other sources) via a Credential Provider. The credentials are used to establish a connection to the actual service, and Secretless then rapidly shuttles data back and forth between the client and the service.

Secretless Broker is currently licensed under ASL 2.0

Products using this container

CyberArk Secretless Broker

Secretless Broker can be used to securely connect your applications to services they need - without ever having to fetch or manage passwords and keys.

Containerized application

Security

Technical information

General information

The following information was extracted from the containerfile and other sources.

Summary	Secure your apps by making them Secretless
Description	The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.
Provider	CyberArk
Maintainer	CyberArk Software Ltd.

Technical information

The following information was extracted from the containerfile and other sources.

Repository name	Secretless-broker
Image version	1.7.30-697-646bc934
Architecture	amd64

Packages

Get this image

Terms & conditionsBefore downloading or using this Container, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the Container. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.

Using registry tokens

Registry

Repository

Manifest List Digest

Image Digest

Use the following instructions to get images from a Red Hat container registry using registry service account tokens. You will need to create a registry service account to use prior to completing any of the following tasks.

Using OpenShift secrets

First, you will need to add a reference to the appropriate secret and repository to your Kubernetes pod configuration via an imagePullSecrets field.

Then, use the following from the command line or from the OpenShift Dashboard GUI interface.

Using podman login

Use the following command(s) from a system with podman installed

Using docker login

Use the following command(s) from a system with docker service installed and running

Registry

Repository

Manifest List Digest

Image Digest

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using OpenShift

For best practices, it is recommended to use registry tokens when pulling content for OpenShift deployments.

Using podman login

Use the following command(s) from a system with podman installed

Using docker login

Use the following command(s) from a system with docker service installed and running

Description

Secretless is designed to solve two problems. The first is loss or theft of credentials from applications and services, which can occur by:

Accidental credential leakage (e.g. credential checked into source control, etc)

An attack on a privileged user (e.g. phishing, developer machine compromises, etc)

A vulnerability in an application (e.g. remote code execution, environment variable dump, etc)

The client is not part of the threat surface.

The client/app no longer has direct access to the password, and therefore cannot reveal it.

The client doesn’t have to know how to properly manage secrets

Handling secrets safely involves some complexities, and when every application needs to know how to handle secrets, accidents happen. The Secretless Broker centralizes the client-side management of secrets into one code base, making it easier for developers to focus on delivering features.

The client doesn’t have to manage secret rotation

Secretless is responsible for establishing connections to the backend, and can handle secret rotation in a way that’s transparent to the client.

Secretless Broker is currently licensed under ASL 2.0

General information

The following information was extracted from the containerfile and other sources.

Summary	Secure your apps by making them Secretless
Description	The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.
Provider	CyberArk
Maintainer	CyberArk Software Ltd.

Description

Products using this container

CyberArk Secretless Broker

Published

Release category

Size

Digest

General information

Technical information

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

Secretless Broker

Description

Products using this container

CyberArk Secretless Broker

Published

Release category

Size

Digest

General information

Technical information

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login