Enhancing Workload Access for GitLab
Aembit’s latest innovation, Workload Credential Lifecycle Management, is part of our expanding suite of enhancements for GitLab and other CI/CD platforms. As organizations rely heavily on these platforms, DevOps, developer, and security teams are left to deal with their shortcomings.
Aembit enhances security and streamlines workflows for GitLab and other CI/CD platforms by leveraging identity federation to replace long-lived secrets with dynamic, short-lived, just-in-time credentials. This approach ensures that only cryptographically verified non-human identities can access sensitive data and resources.
Here is a summary of Aembit’s key features for GitLab:
- Support for GitLab SaaS and on-premise, self-hosted deployments. Aembit provides support for both GitLab.com and self-hosted, on-premise instances, offering flexible identity and access management that works across hybrid infrastructure.
- Granularly identify each pipeline, job, and runner. Aembit’s platform identifies individual GitLab jobs and runners with precision. It uses the token project path, ref type (branch or tag), and the specific ref (branch or tag name) to identify jobs.
- Attest to the identity of each caller to or from GitLab. The GitLab Trust Provider feature attests to the cryptographic identity of client workloads running in a GitLab Jobs environment, verifying their identity before authorizing access and issuing credentials.
- Enforce Zero Trust conditional access for GitLab calls. Aembit enables Zero Trust conditional access policies for GitLab by evaluating requests based on verified identity and real-time conditions. This ensures that only authorized non-human identities can access resources, adhering to the principle of least privilege.
- Remove locally stored credentials. The platform eliminates the need for developers and applications to store long-lived credentials locally. Aembit brokers access, handling credential management on behalf of the client workload, which allows you to safely remove any previously stored secrets.
- Automatically inject credentials. Aembit automatically retrieves or requests access tokens on behalf of a client workload and injects them into API calls. This process is seamless and eliminates the need for developers to manage or code credential fetching.
- Additional features and enhancements. Aembit’s integration with GitLab also provides centralized access management for all workloads, auditable access logs for all access events, and credential lifecycle management to automatically rotate tokens. Aembit also provides APIs and a Terraform Provider to configure and manage Aembit programmatically. Altogether, Aembit simplifies the management of access rights and enhances security.