Assessment of the CNCF End User Community finds widespread adoption of secrets management tools from cloud providers
SAN FRANCISCO, Calif. – February 23, 2021 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the findings of the fourth CNCF Technology Radar, a guide to a set of emerging technologies based on the experience of the CNCF End User Community. The theme of this edition was secrets management, which was identified by the consumers of cloud native technologies as an essential technology to consider in cloud distributions.
The CNCF Technology Radar is an initiative from the CNCF End User Community, a group of more than 140 leading-edge companies and startups, such as Airbnb, Capital One, and Twitter, who use cloud native technologies and aim to identify challenges and best practices when adopting them. The Technology Radar shares insight into which tools are used by end users and how and which tools end users recommend for broad adoption.
“As the real-world experts running tools on the ground, end users provide invaluable feedback for improvements, bug fixes, and new feature additions,” said Cheryl Hung, VP Ecosystem, Cloud Native Computing Foundation. “The Technology Radar takes advantage of the collective knowledge of the CNCF End User Community, the largest end user community of any open source foundation, to bubble up tools and technologies that organizations should consider now when building their cloud native applications.”
Secrets management refers to the tools and technologies used to manage digital authentication credentials. This can include APIs, keys, passwords, tokens, or other credentials used to protect sensitive information across the IT ecosystem. Secrets are becoming more challenging to manage as cloud native grows. Every service requires an API key or credentials, so more software is passing credentials through more services than ever before.
Of the tools that were evaluated by the community, four ended up in the Adopt category, including HashiCorp Vault, Certificate Manager, Amazon Web Services (AWS) Secrets Manager, and AWS Key Management Service. Two tools, Bitnami Sealed Secrets and Encrypted repositories, were recommended for Trial, and two, Google Cloud Platform (GCP) Secrets Management and Sops, were recommended for Assess. The radar team also identified four key themes from the data, which can be viewed in more detail on the Radar page.
“I expected the results to overwhelmingly show that organizations are using the offering of the public cloud they are already using,” said Steve Nolen, site reliability engineer at RStudio and Radar team member. “While this was the case with four cloud provider tools ending up on the survey, worries about vendor lock-in led to other commercial tools appearing on the Radar. We were initially surprised to see such widespread adoption of Vault due to its high cost of entry and operational burden. However, after further review, it proved to be popular with organizations using a cloud-agnostic or multi-cloud approach.”
“Based on my experience, I expected to see a lot of fragmentation in the secrets management space. I was not surprised to see a variety of tools with specific use cases appear in responses, particularly within the Kubernetes community,” said Andrea Galbusera, engineer and co-founder at Auth-Keys and Radar team member. “Certificate Manager integrates tightly with other tools in the ecosystem, each serving a variety of specific use cases. Its popularity proves this is a top area of concern for those who are adopting Kubernetes.”
To learn more about the Radar results, watch the webinar with the Radar team and visit radar.cncf.io. You can also view previous Technology Radars on Continuous Delivery, Observability, and Database Storage.
About the Methodology
In January 2021, the 140 companies in the CNCF End User Community were asked to describe what their companies recommended for different solutions: Hold, Assess, Trial, or Adopt. They could also give more detailed comments. As the answers were submitted via a Google Spreadsheet, they were neither private nor anonymized within the group.
Twenty-nine companies, including Apple, Intuit, Peloton, and Verizon Media, submitted 79 data points on 21 solutions. These were sorted to determine the final positions. The Radar Team then curated the responses, chose outcomes, and described any patterns or themes they saw in the data or from their own experience.
About the Radar Team
Steve Nolen is a Site Reliability Engineer at RStudio, PBC, working on RStudio’s SaaS offerings. Prior to RStudio, Steve worked at UCLA on a National Science Foundation grant-funded project, building the technology for a brand new data science high school curriculum.
Andrea Galbusera is an engineer and co-founder at AuthKeys. Going up and down the stack, his main interests fall into revision control, CI/CD, and anything in tech that helps to manage complexity yet allowing things to scale at need.
Two more Radar Team members participated but remain anonymous.
- CNCF Newsletter
- CNCF Twitter
- CNCF Website
- Learn About CNCF Membership
- Learn About the CNCF End User Community
About Cloud Native Computing Foundation
Cloud native computing empowers organizations to build and run scalable applications with an open source software stack in public, private, and hybrid clouds. The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure, including Kubernetes, Prometheus, and Envoy. CNCF brings together the industry’s top developers, end users, and vendors, and runs the largest open source developer conferences in the world. Supported by more than 500 members, including the world’s largest cloud computing and software companies, as well as over 200 innovative startups, CNCF is part of the nonprofit Linux Foundation. For more information, please visit www.cncf.io.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page. Linux is a registered trademark of Linus Torvalds.
The Linux Foundation