Posted by Oded Hareven
August 28, 2023
Origins of Vaultless™ Secrets Management
Oded Hareven, Akeyless CEO and Co-Founder
Four years ago, when my co-founders and I created Akeyless, the concept of Secrets Management (managing credentials, certificates and keys) was still a category in its infancy. In recent times, it has become increasingly apparent that Secrets Management is the cornerstone of modern enterprise security and if not done right, could very well be the Achilles heel of your security posture.
In this post, I will explore how and why we came up with the Vaultless approach to Secrets Management and why the last generation of Secrets Management tools, based on legacy open-source code, will be left behind.
In spirit, the vaultless approach is similar to the emergence of serverless, a cloud-native development model that allows developers to build and run applications without having to manage servers. In Vaultless Secrets Management, our patented keyless approach called Distributed Fragments Cryptography™ (DFC) combined with our cloud-native SaaS architecture, allows InfoSec and DevOps professionals to focus their efforts on managing their secrets instead of their vaults.
Akeyless CEO on Vaultless Secrets Management
From the outset we decided to build our secrets management platform ground-up and not use existing open source projects. There were three reasons for this. First, the open-source-based vaults were not built for evolving modern enterprise needs. Second, we determined that this would not allow us to innovate and meet the future needs of our customers. Third, we did not want to inherit the operational and licensing issues associated with open source code.
Let me double click on each of these.
Building for the Modern “Everywhere” Enterprise
It was not long ago that hard-coded secrets were sprawled in configuration files and embedded in code. The emergence of open source projects like Vault centralized the sprawl of secrets. However, the vault-centric approach to Secrets Management was only effective for a limited period of time. The environment began to change. Rapid adoption of multiple cloud environments, the rise of the “everywhere” multi-region enterprise, the emergence of DevOps automation and increasingly agile, microservices-based modern application development—all led to countless machines (databases, containers, apps) that need to communicate with each other securely. This required high availability, scalability, and efficiency, all while enhancing security. Technologies based on self-deployed open source code, like Vault OSS, failed to make the transition to meet the needs of a modern enterprise in the cloud. As many of our customers have shared, secrets management tools based on open source technologies have become cumbersome, inefficient, and expensive to manage. This is the reason we built Akeyless from scratch on a cloud-native SaaS Architecture.
Innovating to meet the present and future needs of our customers
Customer centricity is at the core of everything we do. We wanted the users of the product, both InfoSec professionals and DevOps engineers, to manage secrets and not manage vaults.
But you can’t become Vaultless without true Zero Knowledge level security. Akeyless is built as a SaaS while including a Zero Knowledge infrastructure enabled by our patented technology, Distributed Fragments Cryptography® (DFC). DFC ensures that there is never a whole encryption key in existence anywhere, anytime, preventing hacks of this all-important key to the castle.
As a Zero Knowledge feature, DFC, combined with our Akeyless Gateway Architecture (AGA), allows our customers complete ownership of their secrets. This patented approach allows us to deliver multi-cloud secrets management as-a-service while significantly reducing the risk of compromised encryption keys and ensuring that secrets cannot be accessed even by cloud providers, vendors or governments. With a fragment of an encryption key retained in our customers’ own environment, they can be sure that only they have access to their sensitive data.
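As an added illustration of the general principle the two paragraphs above describe (it is not part of the original post and is not Akeyless's patented DFC, whose construction the post does not describe), the following Python keeps an ElGamal private exponent as two fragments, one on a hypothetical SaaS side and one in a hypothetical customer gateway. Each side applies only its own fragment to the group element it receives, so the whole exponent is never computed or stored anywhere, and a party holding one fragment plus the ciphertext recovers nothing useful. The group constant is assumed to be the 2048-bit MODP group of RFC 3526; verify it against the RFC before reuse.

```python
"""Split-key decryption: the whole private key never exists anywhere.

Added illustration of the general principle of keeping an encryption key
in fragments; it is not Akeyless's patented DFC, whose construction the
post does not describe.  An ElGamal private exponent d = d1 * d2 (mod q)
is never formed: d1 is held by a hypothetical SaaS side, d2 by a
hypothetical customer gateway, and each side applies only its own
fragment to a group element it receives.
"""
import secrets

# Group parameters (assumption): the 2048-bit safe-prime MODP group with
# generator 2, intended to match RFC 3526 group 14; verify the constant
# against the RFC before reuse.  The exponent arithmetic below is correct
# in any group; only the security margin depends on this choice.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
Q = (P - 1) // 2  # order of the subgroup generated by G for a safe prime P


class FragmentHolder:
    """One party holding a single key fragment.

    It exponentiates group elements with its fragment but never exports
    the fragment itself, so the other side never learns it.
    """

    def __init__(self, name):
        self.name = name
        self._fragment = secrets.randbelow(Q - 1) + 1  # in [1, Q-1]

    def apply(self, element):
        return pow(element, self._fragment, P)


def derive_public_key(saas, gateway):
    """y = (g^d1)^d2 = g^(d1*d2), computed in two hops; neither party sees d1*d2."""
    return gateway.apply(saas.apply(G))


def encrypt(public_key, message_int):
    """Plain ElGamal encryption: (g^r, m * y^r).  Anyone with y can run this."""
    if not 0 < message_int < P:
        raise ValueError("message does not fit in the group")
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (message_int * pow(public_key, r, P)) % P


def decrypt_with_fragments(ciphertext, saas, gateway):
    """Both holders apply their fragment in turn: c1^d1, then (c1^d1)^d2 = y^r."""
    c1, c2 = ciphertext
    partial = saas.apply(c1)         # c1^d1: meaningless without d2
    shared = gateway.apply(partial)  # c1^(d1*d2) == y^r
    return (c2 * pow(shared, -1, P)) % P


def decrypt_with_one_fragment(ciphertext, holder):
    """What a single holder (say a compromised SaaS side) can compute alone."""
    c1, c2 = ciphertext
    return (c2 * pow(holder.apply(c1), -1, P)) % P


def int_from_text(text):
    return int.from_bytes(text.encode("utf-8"), "big")


def text_from_int(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("utf-8")


def roundtrip(message_int):
    """Encrypt under a freshly fragmented key and decrypt with both fragments."""
    saas, gateway = FragmentHolder("saas"), FragmentHolder("customer-gateway")
    ciphertext = encrypt(derive_public_key(saas, gateway), message_int)
    return decrypt_with_fragments(ciphertext, saas, gateway)


def demo(secret_text="db-password: correct-horse-battery"):
    """Returns (recovered text, whether one fragment alone recovered it)."""
    saas, gateway = FragmentHolder("saas"), FragmentHolder("customer-gateway")
    m = int_from_text(secret_text)  # constructed sample secret
    ciphertext = encrypt(derive_public_key(saas, gateway), m)
    recovered = text_from_int(decrypt_with_fragments(ciphertext, saas, gateway))
    single_side_leak = decrypt_with_one_fragment(ciphertext, saas) == m
    return recovered, single_side_leak


if __name__ == "__main__":
    print(demo())  # ('db-password: correct-horse-battery', False)
```

The design point for a defender is the trade-off it makes visible: because every decryption needs both fragments, a compromise of the SaaS side alone (or of the customer gateway alone) does not expose the secrets, but both sides must be reachable for every operation, so the availability of the fragment holder in the customer's environment becomes part of the platform's SLA.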
We also added broader functionality out-of-the-box like omni-platform secrets rotation, an External Secrets Manager, automatic migration, and platform extensions like Secure Remote Access and Password Manager, making the Akeyless solution more comprehensive and seamless to use wherever you are in the journey of adopting a Secrets Management solution.
Limitations of legacy open-source-based security tools
Some vendors have chosen to build their product on open source technologies like Vault OSS. As we see today, these solutions have their own share of challenges and limitations—including but not limited to complexity, lack of high availability (no SLA), lack of compliance, and higher cost and confusion, especially given the recent licensing uncertainties. For these reasons, even from the early days of Akeyless, it has been our belief that open source solutions are not suitable security products for modern enterprises. We believe that vault tools based on open source will be left behind. In this dynamic and high-stakes digital landscape, taking risks with mission-critical Secrets Management simply isn’t an option — that’s why we avoided the open source, self-deployed approach from the start.
We are proud that Akeyless is the fastest-growing enterprise-grade Secrets Management Platform in the world and the fastest-growing alternative to conventional vaults. The reason for our rapid adoption is that we have helped customers cut their TCO by up to 70%. Don’t just take our word for it: hear from our customers and learn why they migrated from conventional open-source-based vaults to the modern, enterprise-grade Akeyless Vaultless Platform.
Experience Akeyless yourself and also take a moment to see how we fare against other vaults.
Oded Hareven
CEO and Co-Founder
Akeyless Security