Secure By Design

Full end-to-end encryption between the ServiceNow MID Server and your Vault, with multiple authentication methods and state-of-the-art security.

Production Ready

Deployed in minutes, with easy and polymorphic configuration to meet your needs and practices. A Day-1 solution that works with an existing HA Vault cluster.

Battle Tested

Tested against thousands of IT assets (servers, network devices, etc.) with all forms of credentials (SSH, Windows, SNMP, AWS, Azure, GCP, ...).

Vault Connect for Hashicorp Vault

Offer Vault capabilities to your ServiceNow instances, and enforce state-of-the-art security for the privileged accounts used by ITOM Visibility & Integration Hub.

Security Features

  • Mutual TLS between MID & Vault
  • Supported authentication methods against Vault: Token, AppRole, AWS, Azure, GCP, PCF, K8s, PKI
  • Protect MID configuration in Vault
  • HashiCorp security standard for AppRole two-way authentication

Credentials Features

  • KV store for all available credentials
  • Password rotation for Active Directory and OpenLDAP accounts
  • Composite credentials (e.g. mixed secret engines, AD + KV)
  • All database secret engines (static / dynamic)
  • Custom secret engines
  • AWS* credentials (Azure & GCP in testing stage)

Operations Features

  • Control pollution from dynamically generated credentials with MID in-memory caching
  • Optimize Vault workload through intelligent caching, to avoid fetching credentials for each probe or Shazzam query
  • Separate logging, compatible with Elasticsearch, for audit

Challenge with accounts used by Discovery & Automation solutions

Discovery, Application Dependency Mapping & Orchestration solutions use privileged accounts, which introduce greater lateral propagation threats if compromised.

Privileged accounts with long-lived passwords

due to the cumbersome synchronization process with ServiceNow

Redundant & error-prone credential management

between multiple ServiceNow instances organized for feature delivery to production

Hard to control secrets knowledge and usage

as ITOM teams often create and maintain them inside ServiceNow, which can go against SecOps policies

Limits of the sudoers role or the JEA alternative

as the required CLI commands are too permissive (e.g. sudo sh)


How To Manage ServiceNow Credentials

Privileged accounts and secrets need to be centrally managed, with strict access control and full auditability in a Zero Trust approach.

  • One Vault to rule them all

    Centralize all credentials and secrets used inside your ServiceNow instances in a single place, with state-of-the-art security through Vault capabilities.

  • Rotate passwords systematically or use dynamic credentials

    Perform automated password rotation before every Discovery or Runbook execution, so that only MID Servers know the secret.

  • Control credentials usage and access

    Add a lease time to set usage expiration and enforce a new rotation. Restrict the IP addresses allowed to fetch credentials to MID Server IPs only, over a secure channel with mTLS.

Why Choose Us

We have been independent consultants in the industry for more than 10 years. We help organizations build secure-by-design projects with a DevSecOps and Agile mindset.

  • Security as a first class citizen
  • Delight our customers
  • Automation addict
Contact Us

Drop us a message for any query

Any questions about Vault Connect? A feature idea? Just curious about us? We will be pleased to answer you.