SunnyVision obtains “secrets management” support from new Open Source Trousseau software
LONDON, 29 March, 2022 -- Ondat, the leading Kubernetes-native data platform provider, today announced it is teaming with SUSE, a global leader in innovative, reliable, and secure enterprise-grade open source solutions, to deliver management of digital authentication credentials (secrets management) in Kubernetes to protect access to sensitive data for SunnyVision, a data center infrastructure service provider. This comes just after the release of Ondat’s Trousseau open source project in February.
Previously, secrets management in Kubernetes was complicated and added lots of components – anathema for security professionals. The Trousseau open source project addresses these issues, leading Ondat and SUSE to team up to provide this enhanced security for their customer, SunnyVision.
With SUSE Rancher and built-in Trousseau, SunnyVision can now leverage the native Kubernetes way to store and access secrets in a safe way by plugging into Hashicorp Vault using the Kubernetes KMS provider framework. No additional changes or new skills are required.
“Segregation of the encryption keys in our multi-tenant environment means every data volume has its own key and has secure access protected from any of the other tenants,” said Bill Wong, CEO, SunnyVision. “Trousseau guarantees the security of keys, and without it, this sort of secure data storage for containers would be very complex and near impossible.”
Andy King, Partner Solution Architect at SUSE, said, “The Ondat data platform is used by SunnyVision as the basis for its database as a service (DBaaS) which is attractive to Managed Service Provider (MSP) customers. MSPs are able to build services on the DBaaS to provide customized solutions to their customers. The integration with SUSE Rancher to easily consume Key Management Systems (KMS) addresses the critical need for protecting sensitive data in cloud-native solutions deployed in the Kubernetes ecosystem.”
Trousseau uses Kubernetes etcd to store API object definitions and states. The Kubernetes secrets are shipped into the etcd key-value store database using an in-flight envelope encryption scheme with a remote transit key saved in a KMS. Secrets protected and encrypted with Trousseau and its native Kubernetes integration can connect with a key management system to secure database credentials, a configuration file or TLS (Transport Layer Security) certificate that contains critical information and is easily accessible by an application using the standard Kubernetes API primitives.
“Secrets management has always been one of the most difficult issues in Kubernetes,” said Romuald Vandepoel, principal cloud architect with Ondat and the project lead for Trousseau. “We’re glad to see Trousseau applied to that long-time problem being deployed at major installations as part of SUSE Rancher.”
About the Trousseau Project
Conceived in November 2020, the "why" behind Trousseau was presented at FOSDEM early in 2021, and the first open-source software was made available in December 2021. It provides native Kubernetes secrets management for controlled access to sensitive data that simplifies and brings better security to Kubernetes. Learn more here.
Ondat is the Kubernetes-native platform for running stateful applications, anywhere, at scale. Ondat delivers persistent storage directly onto any Kubernetes cluster for running business-critical, stateful applications safely across any public, private and hybrid clouds. For development, DevOps professionals and technology executives, it provides an agnostic platform to run any data service anywhere while ensuring industry-leading levels of application performance, high availability and security.
# # #
Joe Eckert for Ondat