Using a fully supported version of the cert-manager open source project from Venafi subsidiary Jetstack, TLS Protect for Kubernetes provides in-cluster observability to identify and remediate security risks stemming from poorly configured certificates, while providing options for policy-compliant security controls over certificate issuance.
Its management interface also provides full visibility of public trusted certificates for ingress TLS, as well as of private certificates for inter-service mTLS for pod-to-pod and service mesh use cases.
That interface also allows security and platform teams to easily discover machine identities used across all clusters; provides an instant visual status of all workload certificates, including their association with Kubernetes resources and X.509 certificate configurations; and works as both a cluster monitoring and machine identity management tool to identify potential security holes and to recommend fixes for identified cluster configuration errors.
TLS Protect for Kubernetes integrates natively with Kubernetes environments, and can automatically load a fully supported and hardened version of cert-manager with each new cluster created, thus reducing the risk of security drift for production environments.
It supports multi-cloud configurations, cloud platform providers and Kubernetes distributions, and integrates with popular secrets vaults and other DevOps and cloud native solutions.
"As organisations shift from traditional data centre environments to modern, highly distributed cloud native infrastructures like Kubernetes, the volume of certificates and machine identities explodes, leading to increased threat risks and an increased need for security controls," said Venafi chief product officer Shivajee Samdarshi.
"Through the Venafi Control Plane, we're modernising machine identity management and making managing machine identities in cloud native environments easier than ever. TLS Protect for Kubernetes gives security and platform teams the observability, consistency and control over machine identities to ensure a validated and auditable chain of trust exists for every workload deployed to a Kubernetes cluster, including consistent approaches to certificate configurations and security policies."
TLS Protect for Kubernetes is available immediately.
Registrations are now being taken for the "Using Venafi for policy and control of certificate lifecycle management in Kubernetes" webinar on 23 February 2023 at 8:00am PST/11:00am EST/4:00pm GMT/3:00am AEDT.