Docker makes secrets management a built-in feature of its enterprise product

Editor: 1   Author: Techcrunch   Date: 2018/10/31 1:06:58

A few years ago, using containers to run your applications came with a number of security tradeoffs compared to using virtual machines. As enterprises started adopting various container technologies faster than anybody expected, that became an issue and companies like Docker started making security a priority. For Docker especially, that work is starting to pay off. The company today announced that it now offers a container-native secrets management solution for Docker Datacenter that allows developers to safely make API keys, encryption keys and passwords available to their applications without having to use a third-party service.

As Docker security director Nathan McCauley told me, the traditional way of sharing these secrets generally involved copying them to a host or maybe integrating them directly into the source code. "Containers turned that upside down because the code could move arbitrarily - even to different infrastructure," said McCauley. So people would either hack together their own solutions or use a third-party service like HashiCorp's Vault.

Taking a shot at Docker's container orchestration competitors, McCauley also argued that solutions that are simply bolted on to these tools are inherently insecure. It's worth noting, though, that Kubernetes also has built-in tools for managing secrets.

Docker's solution lets you easily add the secret to your cluster (or a "swarm," in Docker's parlance). It's only shared over mutually authenticated TLS connections and then stored securely on a manager node where it's never written to disk unencrypted. You can find a few examples of how all of this works in practice here. The main idea here, though, is to ensure that all of this is very easy for developers to integrate and completely independent of the underlying infrastructure.
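The application side of this, as an added example that is not from the original article or from Docker: inside a container, each secret granted to a service appears as a file under `/run/secrets/<name>`, and the code reads it from there instead of from the image or source tree. The function name `read_secret`, the name pattern and the permission checks are assumptions of this example.

```python
import os
import re
import stat
from pathlib import Path

# Swarm mounts each secret granted to a service as a file in this
# directory inside the container.
DEFAULT_SECRETS_DIR = Path("/run/secrets")
# Example's own allow-list for names; it blocks path traversal.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


class SecretError(RuntimeError):
    """Raised when a secret is missing or its file looks unsafe."""


def read_secret(name, secrets_dir=DEFAULT_SECRETS_DIR):
    """Return secret `name` as a str, read from the swarm-mounted file."""
    if not _NAME_RE.match(name):
        raise SecretError(f"invalid secret name: {name!r}")
    path = Path(secrets_dir) / name
    try:
        # O_NOFOLLOW refuses a symlink planted in place of the secret file.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        # Fail closed: no fallback to env vars or values baked into the image.
        raise SecretError(f"secret {name!r} unavailable: {exc.strerror}") from None
    try:
        mode = os.fstat(fd).st_mode
        if not stat.S_ISREG(mode):
            raise SecretError(f"secret {name!r} is not a regular file")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise SecretError(f"secret {name!r} is writable by group/other")
        with os.fdopen(fd, "rb", closefd=False) as fh:
            data = fh.read()
    finally:
        os.close(fd)
    # A secret created from `echo value | ...` carries a trailing newline.
    return data.decode("utf-8").rstrip("\r\n")
```
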

As Docker's VP of Enterprise Marketing David Messina told me, the company now considers security one of its main selling points. He argues that the company wants to get to a point where enterprises choose Docker because it's inherently more secure than other options, including existing legacy solutions. "It's a shift. We always had these pillars of agility and portability, that's why everybody gravitated to us, but we're announcing that the third pillar is security," he added.