Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT and DevOps teams store, manage, automate, and share secrets.
About Bitwarden Secrets Manager
Bitwarden Secrets Manager stores unlimited secrets – database passwords, API keys, authentication certificates, and others – in one central location, and allows their secure (i.e., end-to-end encrypted) use and sharing.
The solution allows convenient machine-to-machine credential access for seamless software deployment and eliminates the need for hard-coded secrets or sharing of .env files (text file storing environment-specific authentication credentials). It should also prevent the sharing of secrets via insecure channels such as email, Slack, and spreadsheets.
“Bitwarden Secrets Manager helps development teams stay secure by protecting these privileged credentials — and the associated ecosystems — from unauthorized access and cyberattacks,” said Bitwarden’s Kasey Babcock. “With one secure location to store developer secrets, Bitwarden Secrets Manager also reduces the effects of secret sprawl within the businesses.”
Aside from making developers’ lives easier, the solution is also a boon for DevOps and IT teams, as it’s easy to deploy and use, provides scalable and centralized secret management based on least privilege access, and allows auditing of machine and user activity.
The importance of putting security into development
The authentication credentials used by development teams can often be unintentionally shared or exposed during a cyberattack. This is, more often than not, the result of inefficient security measures applied by development teams.
Teams have to make sure data is safely stored, shared and accessed only by authorized personnel. Even though there’s continuous friction between developers and security teams, maintaining development lifecycles safe is imperative for both.
Currently, Bitwarden Secrets Manager is integrated with GitHub Actions, with upcoming versions set to include support for Kubernetes, Terraform, and Ansible. Future releases will also introduce more SDK languages.
The solution can be operated via graphical or command-line interface.