Securing DevOps CI/CD pipelines with Agent-Based and Agentless Solutions
- Create Date 8 January 2025
Anil Kumar Malipeddi
PAM Program Lead
Texas, USA
Email: anil.malipeddi@gmail.com
Sreekanth Pasunuru
Cyber Security Engineer Sr. Consultant
Email: spasunuru@gmail.com
Abstract
As organizations increasingly adopt containerized applications and Continuous Integration/Continuous Deployment (CI/CD) pipelines, managing and securing secrets becomes critical to maintaining robust security. CI/CD pipelines are central to modern software development because they enable rapid delivery of software updates. However, these pipelines often handle sensitive secrets such as credentials, API keys, and tokens, which makes them an attractive target for adversaries. This paper explores two distinct approaches to secrets management in DevOps environments: agent-based solutions, such as CyberArk Credential Providers, and agentless solutions, such as centralized credential providers. We also examine the use of CyberArk Conjur for securing secrets in containerized applications and CI/CD tools like Jenkins. By comparing these approaches and presenting best practices, this paper highlights their roles in enhancing security, operational efficiency, and compliance in DevOps pipelines.
Keywords: DevOps, Secrets Management, CyberArk Conjur, CI/CD Security, Credential Providers, CCP, Agent-Based Solutions, Agentless Solutions, Jenkins, Container Security.