1Password is the first line of defense for over 80,000 businesses worldwide protecting their employees, customers and intellectual property by securing passwords, financial details and other sensitive information. Today's launch and SecretHub acquisition signal a major expansion of 1Password, helping enterprises secure their infrastructure and machine-to-machine secrets alongside their human passwords.
"Companies need to protect their infrastructure secrets as much as their employees' passwords," said Jeff Shiner, CEO of 1Password. "With 1Password and Secrets Automation, there is a single source of truth to secure, manage, and orchestrate all of your business secrets. We are the first company to bring both human and machine secrets together in a significant and easy-to-use way."
Secrets Security Not Keeping Pace. With the massive expansion of Software as a Service (SaaS) applications, infrastructure secrets are multiplying as never before, scattered across multiple services and cloud providers. Companies often try to protect these secrets through a combination of home-grown solutions and awkward hacks. Human error within IT and developer organizations happens all the time and is compounded by risky shortcuts taken in the name of speed and productivity.
Leaked secrets can have widespread ramifications; when an engineer accidentally placed a secret key into source code at Uber, the names, driver's licenses, and other private information of 57 million users were stolen. A recent GitGuardian report detected over 2 million infrastructure secrets exposed on code sharing platforms, growing 20% over the previous year. This underscores the massive and growing issue of properly managing secrets and protecting sensitive customer data.
1Password Secrets Automation was developed to address directly these challenges. Key features include:
- The security of 1Password--store credentials, tokens and other secrets fully encrypted, using the same security that made 1Password the No. 1 enterprise password manager.
- A single source of truth for all your secrets--gain complete visibility and auditability in a way that you can't when secrets are spread across multiple services.
- Granular access control--define which people and services have access and what level of access they are granted.
- Ease of use--built on 1Password's intuitive user interface, Secrets Automation delivers administrative simplicity, providing for good secrets hygiene.
- Integration with your existing tools--Secrets Automation integrates with HashiCorp Vault, Terraform, Kubernetes and Ansible, with more integrations on the way. You'll also find ready-to-use client libraries in Go, Node and Python.
A Roadmap Driven by Customer Demand. Kira Systems, an AI-based contract review and analysis software company, was one of many customers that requested 1Password expand its offering to solve their secrets management problems.
"We've been a 1Password customer for six years and have long wanted to centralize our secrets management," said Joey Coleman, Kira Fellow and director, systems with Kira Systems. "We store terabytes of sensitive data across many deployments, so it is critical for us to have a secure and efficient way of managing the credentials that give access to that data. Secrets Automation delivers an extra level of security while also removing the manual labor required to manage the volume of passwords and credentials."