Book title
Identity Security for Software Development

Best Practices That Every Developer Must Know

John Walsh, Uzi Ailon, and Matt Barker

Paperback: 207 pages
Publisher: O'Reilly
Edition: 1
Language: English
Year: 2025
ISBN: 9781098157999

#Security

#Software_Development

#DevOps

#DevSecOps

#CI/CD

#Kubernetes

Description

Maintaining secrets, credentials, and nonhuman identities in secure ways is an important, though often overlooked, aspect of secure software development. Cloud migration and digital transformation have led to an explosion of nonhuman identities—like automation scripts, cloud native apps, and DevOps tools—that need to be secured across multiple cloud and hybrid environments.


DevOps security often addresses vulnerability scanning, but it neglects broader discussions like authentication, authorization, and access control, potentially leaving the door open for breaches. That's where an identity security strategy focused on secrets management can help.


In this practical book, authors John Walsh and Uzi Ailon provide conceptual frameworks, technology overviews, and practical code snippets to help DevSecOps engineers, cybersecurity engineers, security managers, and software developers address use cases across CI/CD pipelines, Kubernetes and cloud native, hybrid and multicloud, automation/RPA, IOT/OT, and more. You'll learn:

  • The fundamentals of authentication, authorization, access control, and secrets management
  • What developers need to know about managing secrets and identity to build safer apps
  • What nonhuman identities, secrets, and credentials are—and how to secure them
  • How developers work with their cross-function peers to build safer apps
  • How identity security fits into modern software development practices


Table of Contents

1. What You Need to Know About Identity Security.

2. Secure Coding Practices for Identity Security.

3. Authentication and Authorization.

4. Overview of Identity and Access Management Solutions and Protocols.

5. Secrets Management.

6. Cloud Security and Cloud Native Considerations.

7. Securing Kubernetes.

8. Security Automation.

9. CI/CD Pipeline Security and Software Supply Chains.


Who Should Read This Book?

This book is intended for developers, engineers, and dev-adjacent professionals who are involved in building, deploying, and securing software. Whether you’re a coder just starting your journey, a seasoned developer, a DevOps engineer managing cloud infrastructure, or a security professional working with development teams, this book will help you understand identity security in the context of modern software development.


Many developers and engineers already interact with identity security—often without realizing it. As automation, AI, and cloud native technologies accelerate development, identity-related security decisions are becoming part of daily workflows. This book will help you recognize those security-related moments, understand best practices, and avoid common mistakes before they lead to security incidents.


At the same time, security professionals can use this book to gain a developer’s perspective on identity security—which will help them understand where identity risks emerge in the software development lifecycle, how development teams approach security, and how to collaborate more effectively with them to embed security into development workflows without slowing down innovation.


This book also is for anyone who wants to do the following:

  • Develop a strong foundation in identity security—covering authentication, authorization, secrets management, and machine identity.
  • Build secure, resilient software systems that integrate security into development workflows without adding unnecessary friction.
  • Safeguard user identities and sensitive data in modern applications.
  • Mitigate common identity-related vulnerabilities and security threats that affect software development.
  • Understand how to secure identities in cloud environments, CI/CD pipelines, and Kubernetes workloads.
  • Bridge the gap between security and development teams, fostering better collaboration to build secure software faster.


No matter your role, if you’re involved in writing, deploying, or securing software, this book will help you recognize and address identity security risks before they become problems.


About the Author

John Walsh is a distinguished authority in software security, with over 15 years of experience in various roles within enterprise security companies. From software developer to product manager, product marketing, and open-source community manager, his diverse background has equipped him with a comprehensive understanding of securing the entire software supply chain. This unique perspective enables him to communicate the intricacies of enterprise software security with clarity and depth, catering to both technical and non-technical audiences.


Uzi is a seasoned software engineering professional with over 25 years of experience, including 15 years focused on customer engagement and sales. With deep expertise in the entire software development lifecycle, security, and DevOps, Uzi understands the unique challenges enterprises face in balancing innovation with security.


As a leader in CyberArk's Machine Identities solutions, Uzi is committed to helping organizations strengthen their security posture while fostering seamless collaboration between DevOps and security teams. By leveraging automation to reduce security risks and enhance operational efficiency, Uzi enables businesses to protect their most critical assets without compromising agility. With a strong grasp of the business objectives of Fortune 500 companies, Uzi bridges the gap between technical excellence and strategic goals, ensuring that security solutions align with broader enterprise needs. His customer-centric approach and extensive industry knowledge make him a trusted advisor in driving secure, scalable, and efficient digital transformations.


Over the years, Uzi has worked with hundreds of customers, helping to design their machine identity security solutions and define best practices that enhance security, compliance, and operational effectiveness.


Matt was co-founder & CEO of Jetstack, a Kubernetes company he bootstrapped in 2015 before being acquired by Venafi in 2020. Venafi was subsequently acquired by private equity company Thoma Bravo, and then the cybersecurity company CyberArk.


Jetstack is best known for its open source project 'cert-manager', which is downloaded millions of times a day to secure cloud native infrastructure. Cert-manager was donated to the CNCF in 2020, and graduated in 2024.


Matt has played a number of product and leadership roles since being acquired, and now leads workload identity at CyberArk (think SPIFFE!). In January 2021, Matt was named a top 100 Open Source Influencer by OpenUK. He also acts as Entrepreneur in Residence for OpenUK, and has an advisory role with the AI engineering firm Helix.
