Skip to content

Thycotic Secures Privileged Database Access in DevOps Pipelines

Washington, D.C., November 10, 2020 Thycotic, provider of Privileged Access Management (PAM) solutions to more than 10,000 organizations worldwide, including 25 of the Fortune 100, today announced the latest release of its PAM solution for DevOps, DevOps Secrets Vault, that will help businesses secure machines, applications, and databases in DevOps environments.

As the remote world continues to push businesses online in almost every capacity, IT teams need to centrally manage passwords used to access applications and services without causing friction in the development process. The latest enhancements to DevOps Secrets Vault offer new dynamic secrets support for databases, the ability to provide newly created machines and applications with one-time access to vaulted secrets, and new integration with Azure DevOps.

“The database is the center of the DevOps environment with many applications requiring access, while at the same time, being a primary target of cyber criminals,” said Jai Dargan, VP of Product Management at Thycotic. “Dynamic secrets for databases is the answer to fight leaked credentials, standing access, and slow secrets rotation.”

Just-in-Time Access for Databases

To eliminate friction in a DevOps workflow, privileged credentials or “secrets” must be created immediately when needed to spin up and access IT resources. In the absence of an automated solution, it’s common for busy IT administrators to forget to expire or disable these secrets, leaving risky standing access in place.

Just-in-time access ensures users and systems have appropriate access when needed and for the least amount of time required. When DevOps tools, applications, databases, or humans need to access a target, the vault generates dynamic secrets, which are short-lived secrets with fine-grained access control. Even if these secrets are leaked, any would-be attacker is limited in what they can do and has a limited window to do it before the secrets expire. 

DevOps Secrets Vault supports dynamic secret creation for MySQL, PostgreSQL, Oracle (Standard and Enterprise), and Microsoft SQL with more databases to follow.


Any machine or application that has just been created, or bootstrapped, must get access to the vault initially. DevOps Secrets Vault provides one-time use URLs for newly created machines or applications to access the tool and get the client secret.

Expanded Support for DevOps Tools and Languages

Utilizing DevOps Secrets Vault enables organizations to adopt enterprise-class secrets management for DevOps pipelines. The complexity and variety of tools within these pipelines require centralized management of privileged access to maintain security, unify Privileged Access Management, and control costs.

DevOps Secrets Vault now supports secrets access for Azure DevOps and includes a software development kit for Node.js. Thycotic is constantly adding to the list of SDKs and DevOps tool plug-ins, which already include support for Jenkins, Kubernetes, Terraform, Chef, and Puppet.

DevOps Secrets Vault is a platform-agnostic, cost-effective, rapid set-up vault that is capable of high-speed secrets creation, archiving, and retrieval. Organizations can try DevOps Secrets Vault for free.