Monitoring — by its very nature — requires privileged access to internal and external services. In order to safely maintain visibility into critical systems, it’s vital to have some form of secrets management to manage authentication credentials (AKA, "secrets"), including passwords, keys, APIs, tokens, and any other sensitive pieces of information in your IT infrastructure.
Tripwire, created by our friend Gene Kim, is a popular intrusion detection system (IDS) with both commercial and open source offerings. As a fun side project, I put together a Tripwire asset for Sensu. While this is more a prototype than anything else, I wanted to take this opportunity to offer some background on IDS, Tripwire, and integrating intrusion detection into your monitoring workflow, with the overall aim of illustrating how easy it is to deploy solutions with Sensu.
Every evolution in technology starts with the people behind it. So understanding the context, roles, and objectives that gave rise to DevOps — and now DevSecOps — isn’t just an exploration of timing and technology; it’s central to how we define organizational success. In this post, I’ll recap a conversation I had with Gareth Rushgrove, Director of Product Management at Snyk, a cybersecurity platform that helps developers identify vulnerabilities in their applications.