Zero Trust Automation: Run Software in Untrusted Environments

Posted By: Free butterfly

Zero Trust Automation: Run Software in Untrusted Environments by Vishal Patil
English | 2022 | ISBN: N/A | ASIN: B0BBBJXSSC | 73 pages | EPUB | 0.16 Mb

Automated software-based workflows in all IT organizations need access to secrets (such as API tokens, database passwords, server passwords, etc.). These secrets are required to either access information or configure infrastructure resources. These secrets are often baked directly into the automation software or inside the tools driving these workflows. This problem of secrets being spread across the organization is often referred to as secret sprawl. Adopting a centralized secret management tool helps overcome the secret sprawl problem. However, the credentials required to access the centralized secret management tool must now be propagated to all applications that need access to the secrets. This problem of distributing and managing the centralized secret management tool's credentials (master key) is called the Secret Zero Problem.

This book solves the secret zero problem by presenting a Zero Trust Architecture for automated software workflows. With this architecture, the automated workflows can access the required secrets without credentials using a combination of public key cryptography, tokens, and centralized secret management. The book delves into the design and implementation of a Zero Trust system.

The book is divided into two parts to ease the learning curve for building a Zero Trust Automation system. The book's first part introduces the user to tools and concepts about public key cryptography, JSON Web Tokens, and HashiCorp Vault (a centralized secret management tool). The book's second part implements a fully functional Zero Trust system using OpenSSL, LDAP directory service, a custom authorization server (implemented in Rust), and HashiCorp Vault. The book will walk you through every step of setting up and configuring the different components making up the system. This will be followed by examples using the Zero Trust system to access the required secrets without credentials.

Going through this book and working through the implementation of the Zero Trust System will provide an additional benefit in developing the knowledge and intuition required for understanding the internals of how identity management, authentication, and authorization are implemented in container orchestration platforms like Kubernetes and CI/CD platforms such as GitLab.
