What is the main difference between BeyondTrust Password Safe and DevOps Secrets Safe? My understanding is that BeyondTrust Password Safe can be used to save code and tool passwords from the DevOps process, so why would I need DevOps Secrets Safe?
1 Answer
TL;DR = It depends on the problems you are looking to solve.
It's mainly about 3 criteria.
DevOps Secrets Safe is designed from the ground up for the high-volume, elastic scaling space that DevOps normally operates in. It's also built on the same technologies, e.g., Kubernetes, so it fits easily into DevOps environments.
Password Safe is designed primarily for user interactions, although it does have a very robust, efficient, and broad API for use in automation and application-to-application authentication.
The first criterion is the size of the secret you are looking to store. Password Safe maxes out around 2k, so not quite enough for certs in many cases. The second criterion is the working environment for the solution. The last criterion is volume of requests. DevOps Secrets Safe, as an API-first solution, is always the first choice when you are working with high volumes of requests for machine-only identities. While Password Safe could be used, you have to consider the volume of requests and the impact that potentially has on the user experience of Password Safe.
If you are a DevOps environment, I'd heartily recommend DevOps Secrets Safe. If you are a mainly user-oriented environment, Password Safe is your choice. If you are a mixed environment, then it's either Password Safe or both. I personally prefer to keep the identities used in DevOps separate from those used by users and applications. For applications, I'm talking about identities used by applications for database access and other connections that are often established and pooled rather than extremely high-volume, high-frequency connections that are created and closed quickly. There are options for that with Password Safe, but DevOps offers a cleaner solution.
