Secrets Insights Cheatsheet
Overview
Secrets Insights from BeyondTrust is a new capability designed to illuminate and secure the hidden attack surfaces created by secrets and non-human identities. It helps you discover, manage, and secure the secrets that are used by your applications, scripts, and other non-human identities.
Key Features
- Secrets Discovery: Automatically discovers secrets across your entire IT environment, including your code repositories, configuration files, and cloud services.
- Secrets Management: Provides a centralized repository for managing all of your secrets, with granular access controls and auditing capabilities.
- Non-Human Identity Management: Helps you manage the identities of your applications, scripts, and other non-human entities, and control their access to secrets.
- Attack Surface Reduction: Reduces your attack surface by eliminating hard-coded secrets and enforcing the principle of least privilege.
Getting Started
- Deploy the BeyondTrust platform: Install and configure the BeyondTrust platform in your environment.
- Enable Secrets Insights: Enable the Secrets Insights capability in the BeyondTrust platform.
- Discover your secrets: Use Secrets Insights to discover all of the secrets in your environment.
- Onboard your secrets: Onboard your discovered secrets into the BeyondTrust platform for centralized management.
- Replace hard-coded secrets: Replace hard-coded secrets in your applications and scripts with references to the secrets stored in the BeyondTrust platform.
Common Commands
While Secrets Insights is primarily UI-driven, here are some conceptual commands that represent the actions you would take within the platform:
- `beyondtrust discover --type secrets`: Discover all of the secrets in your environment.
- `beyondtrust secret onboard --name "database-password" --value "my-secret-password"`: Onboard a new secret into the BeyondTrust platform.
- `beyondtrust secret grant --identity "my-application" --secret "database-password"`: Grant an application access to a secret.
- `beyondtrust audit list --type secrets`: View the audit trail for all secret-related activities.
Example Use Case
Scenario: A company wants to eliminate hard-coded secrets from their applications.
- Discover Secrets: They use Secrets Insights to discover all of the hard-coded secrets in their code repositories.
- Onboard Secrets: They onboard the discovered secrets into the BeyondTrust platform.
- Replace Hard-Coded Secrets: They replace the hard-coded secrets in their applications with references to the secrets stored in the BeyondTrust platform.
- Enforce Least Privilege: They use the BeyondTrust platform to enforce the principle of least privilege, ensuring that each application only has access to the secrets that it needs to function.
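The discover and replace steps of this scenario, sketched as an added example in Python (not BeyondTrust code and not how the product works internally). The key-name pattern, the entropy threshold, the `${NAME}` reference convention and the sample config are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample config; the values are made up, not real credentials.
SAMPLE = '''\
db_host = "db.internal.example"
db_password = "s3cr3t-Pa55w0rd!"
webhook_auth = "Zx9Q2LmN8vT4RbK7pWc1YdH6"
timeout = "30"
password = "${DB_PASSWORD}"
'''

ASSIGN = re.compile(r'^\s*([A-Za-z_][\w.-]*)\s*[:=]\s*["\']([^"\']+)["\']')
# Heuristic list of credential-like key names (assumption of this example).
SENSITIVE = re.compile(r'pass(word|wd)?|secret|token|api[_-]?key', re.I)
# A value that is already a reference to an external secret, not a literal.
REFERENCE = re.compile(r'^\$\{[A-Z0-9_]+\}$')


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_hardcoded(text):
    """Return (line number, key) for each literal that looks like a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        if not m or REFERENCE.match(m.group(2)):
            continue  # not an assignment, or already externalized
        key, value = m.groups()
        # Flag by key name, or by long high-entropy value under a neutral name.
        if SENSITIVE.search(key) or (len(value) >= 20 and entropy(value) >= 4.0):
            findings.append((lineno, key))  # the value itself is never reported
    return findings


def externalize(text):
    """Swap flagged literals for ${NAME} references; return text and names to onboard."""
    lines = text.splitlines()
    names = []
    for lineno, key in find_hardcoded(text):
        ref = key.upper().replace("-", "_").replace(".", "_")
        lines[lineno - 1] = f'{key} = "${{{ref}}}"'
        names.append(ref)
    return "\n".join(lines) + "\n", names
```

The returned names are what would be onboarded into the central store; the literal values must also be rotated, since they remain in version-control history.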