Machine Identity Extension for Azure DevOps
This integration is an extension of Azure DevOps that enables DevOps teams to acquire certificates for development, testing and deployment from Certificate Manager without any knowledge of the enterprise-wide machine identity management service provided by InfoSec team to ensure visibility, automation, and intelligence on all machine identities used throughout the organization.
Security functions need to shift from an inhibiting force to an enabling force. This is especially true when working and supporting the DevOps teams in an organization. To drive the organization towards higher productivity, faster to value, security teams need to meet the demand of fast speed from DevOps. Ad-hoc certificates management processes slow down developers driving them towards shadow process to acquire machine identities for their development, testing and deployment, creating a huge blind spot for InfoSec teams.
This integration removes the blind spot by providing DevOps teams using Azure DevOps an intuitive, simply, convenient way of generating certificate keys and enrolling certificates that comply with enterprise-wide security policies, all without any knowledge of the security functions related to machine identities.
This integration comes with all releases of Certificate Manager, Self-Hosted and Certificate Manager, SaaS.
Applicability
DevOps teams that develop with Azure DevOps can take advantage of this extension. It works with both Azure DevOps Services and server deployments.
Limitations and special notes
There are different authentication mechanisms depending on if you use Certificate Manager, Self-Hosted or Certificate Manager, SaaS. Therefore, your configuration process will be different depending on the Venafi machine identity management service the InfoSec team provides. You can find the details in documentation.
Additional Resources
Github repo: https://github.com/gdbarron/MachineIdentityExtension
Get it to work
The extension is an open-source software independently distributed through Visual Studio Marketplace. You will need to download and install on to your Azure DevOps deployment.
About Venafi
Venafi is the cybersecurity market leader in machine identity management, securing the cryptographic keys and digital certificates on which every business and government depends to deliver safe machine-to-machine communication. Organizations use Venafi key and certificate security to protect communications, commerce, critical systems and data, and mobile and user access.
Certificate Manager, Self-Hosted is the product formerly known as Venafi Trust Protection Platform
Certificate Manager, SaaS is the product formerly known as Venafi TLS Protect Cloud