Securing Ansible with a Zero Trust Overlay (opens in new tab)

(github.com)

17 pointssabedevops3y ago3 comments

3 comments

gz53y ago

So...for ops teams, remove VPNs, bastions, open IB FW ports, complex ACLs. One inbound firewall rule: deny-all.

Abstracted...Paramiko / Ansible solution shows developers how to embed secure networking into our apps, as code, via OpenZiti open source platform.

Disclosure: founder of a company which sells SaaS on top of the open source. So a massive fan but happy to answer questions as objectively as I can.

sabedevopsOP3y ago

OP here. I use Ansible a lot in my day-to-day work, and the day the OpenZiti Python SDK came out, I wrote a wrapper around the Paramiko connection plugin to secure the connection to the target. It was so easy, and worked so well, I wrote a small demo so you all can try it too. Happy to answer any questions, and if you try it, share whatever feedback you have!

vhdlmike3y ago

Solutions that add more security without more pain, always feel like double the win. Thanks for posting.

j / k navigate · click thread line to collapse