Secure Development with GitOps

Introduction

The past few years have witnessed a massive surge in the usage of software development technologies and processes, such as DevOps, Kubernetes, Containers, GitOps, etc. The growing popularity of DevOps has given rise to various facets of it, including DevSecOps, AlOps, SecOps, and GitOps.

GitOps makes it easy for developers to create and deploy cloud environments within minutes. GitOps can help enhance business value and streamline infrastructure management.

However, security is a major concern and is often considered a bottleneck that ultimately slows down application delivery. Let’s understand why.

Security Issues Can Slow Down the Delivery

GitOps promises quicker and more frequent deployments, but the last thing that you want is to be slowed down by legacy security programs. These security issues pose a hindrance since they are often a major source of delays for developers, who spend a lot of time and energy researching them. It is costly and time-consuming to find issues later in the cycle, which can lead to unnecessary stress.

Infrastructure as Code Security

Infrastructure as Code Security aims to ensure that compliance best practices and security requirements are a part of the IaC template files. These compliance requirements and best practices encompass several aspects of information security, including data encryption, network segmentation, and access control requirements. 

If you ignore Infrastructure as Code Security, you might land yourself in trouble. There can be severe consequences such as exposure of sensitive data, data leakage, and even unauthorized access to business-critical assets.

Shift you IaC Security Checks Left

You should have templates define your infrastructure. Once that is done, you can move our focus to the left and protect your environments before deploying them. Security teams usually define the policies for cloud services. 

These policies can be combined with infrastructure configurations as code. DevOps, security teams, and IT staff can form a trusted partnership by collaborating and defining these policies together.

IaC security allows security to be embedded in infrastructure even before applications can be deployed. Policy-as-code reduces human error when configuring security services.

Traditional CI/CD Pipeline

A typical CI/CD pipeline works like this:

1. The developer pushes code into the repository.

2. The CI tool then gets into action and runs some tests.

3. Next, the CI tool integrates the source code and builds a container artifact.

4. This is then added to a container registry and gets deployed to the cluster.

However, the main problem with this approach is that since it is a push-based pipeline, the read-write credentials are exposed from the CI tool right into your cluster. This is a severe security issue since it makes you susceptible to malicious assaults. Here’s exactly where GitOps comes in for the rescue.

What is GitOps?

A concept first coined by "Weaveworks" in 2017, GitOps is based on a Git-based source code management system and upholds the principle that Git is the one and only one source of truth. GitOps requires that the state of a system is stored in Git so that anyone can view the entire audit trail of changes if need be. GitOps demands that the system state be stored in Git, so anyone can see the complete audit trail of changes. 

GitOps takes advantage of DevOps best practices used for application development, i.e., CI/CD, version control, collaboration, and compliance, then applies them to infrastructure automation. Some of the key practices of GitOps are Infrastructure-as-code (IaC), Merge Requests (MRs) and Continuous Integration/Continuous Delivery (CI/CD).

Figure 1: GitOps Deployment Workflow in Action!

Why Should I Use GitOps? 

If implemented correctly, GitOps can manage infrastructure, shift security left, and detect vulnerabilities and bugs more effectively and quickly. It can also help identify general code quality issues and other problems earlier in the development cycle.

GitOps enables you to take advantage of version control to manage the application's code and your environment and processes. GitOps upholds the principle that Git is the single, shared place where everything exists and is also the only source of truth that leverages the Git developer toolset for automated application and infrastructure updates.

GitOps: Core Principles

The following are the core principles that a GitOps practice is comprised of: 

1. The entire system (state and configuration information) is described declaratively. 

2. The system states are defined and versioned in Git.

3. The approved changes are automatically applied to the system. 

4. Software agents are able to ensure the correctness of the system and are able to notify on divergence.

GitOps: Increasing Developer Velocity

GitOps enables DevOps teams to be more autonomous and productive by allowing continuous deployment via the technologies they are already familiar with. One of the fundamental principles of GitOps is that developers should only interact with Git, with the rest of the integration and deployment process handled by automated processes. This faith in automation allows for complete version control, an audit of all infrastructure templates, and, ultimately, increased development velocity. All infrastructure templates are versioned and auditable, thus improving developer productivity.

GitOps for the Security of the Future

GitOps helps improve pipeline security and streamline infrastructure management. As more businesses migrate to the cloud, and their attack surface increases, they should think about the benefits of new tools to help them keep up with security's ever-increasing demands.

One of the remarkable aspects of GitOps is that it treats everything as code. As a result, your configuration and security policies are treated as code and stored in version control. An automated pipeline then verifies, deploys, and monitors changes enables GitOps to shift security left and detect vulnerabilities earlier in the process. If security is slowing down delivery, it is high time that you integrate security controls right into your development lifecycle.

How Does Security Improve with GitOps?

GitOps improves security throughout the lifecycle of an application in the following ways:

• Single source of truth - Since GitOps is the single source of truth, it centralizes all configurations in a declarative manner. Hence you only need one set of tests, security scans, and one set of permissions to make the changes. 
• No human involvement - The best part is that no human involvement is needed in the process hence any human error can be eliminated.
• Supports configuration as code - What this means is that there isn't any need for manual actions anywhere in the ecosystem.
• Improved observability - GitOps provides support for improved observability by collecting various metrics.

Permission Management

GitOps allows the system's current state to converge to the intended state.  Git has everything you need to make use of VCS providers for permission management. Depending upon how well-organized your ecosystem is, you may be able to assign ownership, quality barriers, and provide access in different ways. 

Since everything is stored within Git, pull-request reviews will be the first step toward permission management. No modifications should be allowed without prior approval. In terms of ownership and accountability, you can designate code owners and ensure that any change to the desired state is audited properly.

Sensitive Data Management

For reasons abound, it is considered a bad practice to keep confidential data unencrypted in a version management system (VCS), such as Git. You should be aware that a Git repository source code can be spread across multiple places, resulting in losing control over sensitive information. 

It can be difficult to make the right decisions when it comes to protecting confidential information within GitOps. To prevent data breaches, you should control each step of the GitOps process carefully. There are many GitOps-friendly solutions that preserve confidentiality to make it easier to manage and consume sensitive data.

Securing Development Pipelines Using GitOps

The ability of GitOps tools to consider everything as code has a direct effect on security. If all security policies and configurations are considered code, they can all be kept in version control. You can make modifications, evaluate them and then feed them into an automated pipeline. The pipeline will then be able to validate, deploy, and monitor these changes.

Securing the Whole Pipeline

GitOps enhances security in several elements of your development pipeline. This includes the code itself, any additional information such as policy and configuration, and the process used. Git helps you to meet your compliance requirements by maintaining the system's desired state. Adherence to the GitOps principles will help make your pipeline more secure. 

Keeping track of all changes (including comments and modifications) under the version control system helps to roll back to the previous state when needed. This will enable you to determine who made the modifications and why they were done. It also has an audit trail built-in.

Organizations can recognize the affected lines of code and quickly assess the impact of attacks and recover from them faster. This minimizes risk, reduces the likelihood of breaches, and reduces your threat landscape.

Managing Security Controls Consistently: Git as a Single Source of Truth

GitOps is a paradigm that places Git at the core of developing and running cloud-native apps by utilizing Git as the single source of truth and empowering developers to undertake tasks previously performed by IT operations.

Git allows developers to submit pull requests to speed up and simplify application deployments. You can create policies specific to managing application deployments or changes in cluster infrastructure.

Software agents continually compare the source of truth to the running cluster. In the event of a change, the system sends alerts to make sure that the cluster is in sync with the canonical source of truth.

Securing GitOps in Production

Git being the single source for truth is the most significant security advantage once you get to production. It allows you to use a single set, a single set of security scans, a single set of permissions, etc. Most importantly, this eliminates the chances of human error.

Moreover, you can take immediate action if your application comes under attack. Since Git is the only source of truth, you can redeploy everything immediately if you have to.

Best Practices

Some of the IaC security best practices include the following:

• Adhere to the principle of least privileges.
• Data (both at rest and in transit) should always be encrypted.
• Avoid using default configurations.

Why Magalix?

Magalix can help you secure your Infrastructure as Code and run-time infrastructure with codified policies. With many policies built-in, you can assess your security status quickly. With custom policies, you can also run your checks. You can take advantage of Magalix's built-in policies and templates and secure your infrastructure easily.

Conclusion

Weaveworks first hatched the GitOps idea in 2017 – it has since then proliferated throughout the DevOps community for reasons abound.

Software development today has moved left to produce better-quality software more quickly. You can use IaC to adopt the same DevOps principles for your infrastructure. 

You should integrate proper security controls throughout the development lifecycle. Together, GitOps & DevOps can create safer and more efficient workflows for infrastructure and application development and deployments.