News 29 Nov, 2020

Ansible playbook for EJBCA Enterprise container deployment

Containers and virtual machines are becoming more and more common in today’s organizations. Red Hat provides an open source automation tool, Ansible, that enables efficient and secure container provisioning, configuration management and deployment. Ansible leverages an easy-to-use markup language called YAML to write playbooks that are used to automate tasks by running the commands.

Authentication between containers or microservices can be achieved using mutual TLS and thus X.509 certificates need to be issued and provisioned to each container. Keeping in mind that the nature of DevOps is such that containers should have the possibility to deploy at scale and that the containers are created and destroyed at any time, what does this mean for the certificate issuance and provisioning? Can this process also be integrated and automated within the DevOps environment and at the same time stay secure and controlled?

PrimeKey follows the trends in DevOps closely and understands the importance of being able to deploy PKI and digital signature solutions as containers and virtual machines by using Ansible as the automation tool. The efficiency and security gains can be tremendous when doing it right and the PKI software EJBCA can be deployed in seconds. In addition to the set up of the EJBCA software, the Ansible playbook can include a complete PKI hierarchy set-up and configuration, with one or several CA’s, by using pre-tested templated configurations.

PrimeKey provides an example Ansible playbook for setting up a complete PKI environment with EJBCA, refer to PrimeKey Developers GitHub/Ansible. For additional EJBCA example tools scripts, refer to PrimeKey Developers GitHub/Scipts.

Read more here:

Running PKI and Signature Services in DevOps Environments