1Password launched Secrets Automation, a new way to easily secure, manage and orchestrate the rapidly expanding infrastructure secrets required in a modern enterprise.
Secrets such as corporate credentials, API tokens, keys and certificates can number in the hundreds for midsize businesses and many thousands for enterprises.
This scale and complexity lead to huge security risks. In addition to the new product launch, 1Password also completed the acquisition of SecretHub, a secrets management company that protects nearly 5 million enterprise secrets a month.
The SecretHub team and CEO Marc Mackenbach will join the 1Password immediately, adding expertise and engineers to accelerate the 1Password Secrets Automation roadmap.
1Password Secrets Automation launches with a host of partnerships and integrations that will make it easy for developers and DevOps teams to integrate with the mission-critical tools and libraries they already use.
1Password is the first line of defense for more than 80,000 businesses worldwide protecting their employees, customers and intellectual property by securing passwords, financial details and other sensitive information.
Today’s launch and SecretHub acquisition signal a major expansion of 1Password, helping enterprises secure their infrastructure and machine-to-machine secrets alongside their human passwords.
“Companies need to protect their infrastructure secrets as much as their employees’ passwords,” said Jeff Shiner, CEO of 1Password.
“With 1Password and Secrets Automation, there is a single source of truth to secure, manage and orchestrate all of your business secrets. We are the first company to bring both human and machine secrets together in a significant and easy-to-use way.”
Secrets security not keeping pace
With the massive expansion of SaaS applications, infrastructure secrets are multiplying as never before, scattered across multiple services and cloud providers.
Companies often try to protect these secrets through a combination of home-grown solutions and awkward hacks. Human error within IT and developer organizations happens all the time and is compounded by risky shortcuts taken in the name of speed and productivity.
Leaked secrets can have widespread ramifications; when an engineer accidentally placed a secret key into source code at Uber, the names, drivers licenses and other private information of 57 million users was stolen.
A recent GitGuardian report detected more than 2 million infrastructure secrets exposed on code sharing platforms, growing 20% over the previous year.
This underscores the massive and growing issue around properly managing secrets and protecting sensitive customer data.
1Password Secrets Automation was developed to directly address these challenges. Key features include:
- The security of 1Password – store credentials, tokens and other secrets fully encrypted, using the same security that made 1Password the No. 1 enterprise password manager.
- A single source of truth for all your secrets – gain complete visibility and auditability in a way that you can’t when secrets are spread across multiple services.
- Granular access control – define which people and services have access and what level of access they are granted.
- Ease of use – built on 1Password’s intuitive user interface, Secrets Automation delivers administrative simplicity, providing for good secrets hygiene.
- Integration with your existing tools – Secrets Automation integrates with HashiCorp Vault, Terraform, Kubernetes and Ansible, with more integrations on the way. You’ll also find ready-to-use client libraries in Go, Node and Python.
1Password and GitHub are also announcing a partnership today: “We’re partnering with 1Password because their cross-platform solution will make life easier for developers and security teams alike,” said Dana Lawson, VP of partner engineering and development at GitHub, the largest and most advanced development platform in the world.
“With the upcoming GitHub and 1Password Secrets Automation integration, teams will be able to fully automate all of their infrastructure secrets, with full peace of mind that they are safe and secure.”
A roadmap driven by customer demand
Kira Systems, an AI-based contract review and analysis software company, was one of many customers that requested 1Password expand its offering to solve their secrets management problems.
“We’ve been a 1Password customer for six years and have long wanted to centralize our secrets management,” said Joey Coleman, Kira Fellow and director, systems with Kira Systems.
“We store terabytes of sensitive data across many deployments, so it is critical for us to have a secure and efficient way of managing the credentials that give access to that data.
“Secrets Automation delivers an extra level of security while also removing the manual labor required to manage the volume of passwords and credentials.”