Secure DevOps with Zero Trust


Why Securing DevOps matters

DevOps culture demands repeatable, automated creation of secure connections to remote services.
Providing a secure DevOps environment by applying a Zero Trust approach to that connectivity is the answer.

Securing the biggest names in DevOps world

Salt, Kubernetes, Jenkins and Ansible, the biggest names in the DevOps world, all hold sweeping access grants within the systems they manage, and they all handle immense amounts of sensitive data.
Now imagine the damage an attacker could do if one of these systems were compromised.
Secure connectivity is therefore paramount.
Since removing access to these systems is not feasible, we began implementing zero trust with OpenZiti (open source) for maximum flexibility.

Ansible Security Cloud: no open inbound SSH ports

Ansible does a fantastic job of security on the software side. Ansible users, meanwhile, are responsible for the secure networking side, and this is where it gets complicated. Managing bastion hosts, routing and firewall rules is cumbersome and defeats the purpose of using Ansible in the first place.

In comes “Ansible Security Cloud”: zero trust, open source based Ansible networking. It is a service you control, and it can be spun up and down in minutes, via Ansible.
Read how we implemented OpenZiti zero trust networking endpoints… inside Ansible.
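One check a practitioner wants after going "no open inbound SSH ports" is proof that the target host really has nothing listening on the network for SSH: when the overlay tunneler delivers SSH to the host locally, sshd should be bound to loopback only. The script below is an added example, not NetFoundry's or OpenZiti's code. It parses the output of `ss -H -lnt` (the sample output embedded here is constructed) and reports every listener bound to a non-loopback or wildcard address, handling bracketed IPv6 addresses, interface scope suffixes and the bare `*` wildcard. The `live_ss_output` helper is the only part that touches the real host and is an assumption about where you would plug it in.

```python
"""Audit which TCP listeners on a host are reachable from the network.

Added example (not NetFoundry's or OpenZiti's code). Flags any listener
bound to a non-loopback address; on a host that only receives SSH through an
overlay tunneler, sshd should appear on 127.0.0.1 / ::1 only.
"""
import ipaddress
import subprocess
from typing import List, Tuple

# Constructed sample of `ss -H -lnt` output:
# State Recv-Q Send-Q Local_Address:Port Peer_Address:Port
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128        127.0.0.1:22          0.0.0.0:*
LISTEN 0      128            [::1]:22             [::]:*
LISTEN 0      4096     127.0.0.53%lo:53          0.0.0.0:*
LISTEN 0      511          0.0.0.0:80          0.0.0.0:*
LISTEN 0      511             [::]:80             [::]:*
LISTEN 0      128                *:8080               *:*
"""

# Addresses that mean "every interface"; ss prints the last form with -n.
WILDCARDS = {"0.0.0.0", "::", "*"}


def split_local(field: str) -> Tuple[str, int]:
    """Split ss's Local Address:Port column into (address, port).

    Handles bracketed IPv6 ('[::1]:22'), zone suffixes ('127.0.0.53%lo:53')
    and the bare wildcard ('*:8080').
    """
    addr, _, port = field.rpartition(":")
    if addr.startswith("[") and addr.endswith("]"):
        addr = addr[1:-1]
    addr = addr.split("%", 1)[0]  # drop the interface scope, if any
    return addr, int(port)


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; wildcards and garbage are never loopback."""
    if addr in WILDCARDS:
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def exposed_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Return (address, port) for every LISTEN socket not confined to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if not is_loopback(addr):
            exposed.append((addr, port))
    return exposed


def ssh_is_dark(ss_output: str, ssh_port: int = 22) -> bool:
    """True when no network-reachable listener exists on the SSH port."""
    return all(port != ssh_port for _, port in exposed_listeners(ss_output))


def live_ss_output() -> str:
    """Run ss on the current host (needs iproute2); assumed entry point for real use."""
    result = subprocess.run(["ss", "-H", "-lnt"], check=True,
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed listener: {addr}:{port}")
    print("ssh dark:", ssh_is_dark(SAMPLE_SS_OUTPUT))
```

On a real target, replace `SAMPLE_SS_OUTPUT` with `live_ss_output()`; the web listeners on ports 80 and 8080 in the sample are reported as exposed, while both sshd bindings are loopback-only, so `ssh_is_dark` returns True.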


SaltStack meets OpenZiti – configuration management with zero trust

The May 2020 vulnerabilities (CVE-2020-11651 and CVE-2020-11652), which let unauthenticated attackers reach Salt masters over their exposed network ports, brought attention to the need to secure SaltStack at the network level. With OpenZiti, we now use SaltStack without exposing any SaltStack masters to the internet. Read how we did it, here.

Invisible Jenkins

Jenkins is a high-value target: it tends to store sensitive data and the powerful credentials needed to deploy cloud infrastructure and applications automatically. Moreover, a compromised Jenkins server is an opportunity to introduce malicious code into a build.

Here is our solution for existing Jenkins users to keep using Jenkins after switching off the server's internet visibility (limiting access to the server). We also explain the configuration in GitHub and Jenkins for two jobs that are both triggered by a GitHub event.
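Taking Jenkins off the internet removes the direct attack surface, but a GitHub event that is relayed to the dark server still crosses a trust boundary, so the receiver should authenticate each delivery before it triggers anything. The code below is an added example, not NetFoundry's, Jenkins' or GitHub's code: it verifies GitHub's `X-Hub-Signature-256` header (HMAC-SHA256 over the raw request body with the webhook secret) in constant time, rejects missing or malformed headers, and only then maps the event to the jobs to run. The secret, the job names `build` and `deploy-staging`, the default-branch check, and the sample delivery are all constructed for the example.

```python
"""Verify a GitHub webhook delivery before letting it trigger Jenkins jobs.

Added example (not NetFoundry's, Jenkins' or GitHub's code). GitHub signs
the raw body with the webhook secret and sends the result as
X-Hub-Signature-256: sha256=<hex>; the receiver recomputes and compares it.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed secret; in practice it is the secret configured on the GitHub webhook.
WEBHOOK_SECRET = b"constructed-example-secret"

# Hypothetical job names: two jobs that both fire on the same GitHub push event.
EVENT_JOBS = {"push": ["build", "deploy-staging"]}
DEFAULT_BRANCH_REF = "refs/heads/main"


def sign_body(secret: bytes, body: bytes) -> str:
    """Compute the X-Hub-Signature-256 value GitHub would send for `body`."""
    digest = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time check of the signature header; missing/malformed -> False."""
    if not header or not header.startswith("sha256="):
        return False
    expected = sign_body(secret, body)
    # compare_digest avoids leaking the position of the first mismatch.
    return hmac.compare_digest(expected, header)


def dispatch(headers: Dict[str, str], body: bytes,
             secret: bytes = WEBHOOK_SECRET) -> Optional[List[str]]:
    """Return the jobs to trigger for this delivery.

    None  -> the delivery failed authentication and must be dropped.
    []    -> authentic, but nothing to run (other event, other branch, bad JSON).
    """
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return None
    event = headers.get("X-GitHub-Event", "")
    try:
        payload = json.loads(body)
    except ValueError:
        return []
    if event == "push" and payload.get("ref") == DEFAULT_BRANCH_REF:
        return list(EVENT_JOBS["push"])
    return []


# Constructed delivery: a push to main, signed the way GitHub would sign it.
SAMPLE_BODY = json.dumps({"ref": DEFAULT_BRANCH_REF, "after": "0" * 40}).encode()
SAMPLE_HEADERS = {
    "X-GitHub-Event": "push",
    "X-Hub-Signature-256": sign_body(WEBHOOK_SECRET, SAMPLE_BODY),
}

if __name__ == "__main__":
    print("jobs:", dispatch(SAMPLE_HEADERS, SAMPLE_BODY))
    tampered = SAMPLE_BODY.replace(b"main", b"evil")
    print("tampered body:", dispatch(SAMPLE_HEADERS, tampered))
```

The signature must be computed over the exact bytes received, before any JSON parsing or re-serialisation, and the secret should be the one the relay cannot see; a relay that only forwards bytes cannot forge a valid signature.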



A New Art of the possible for CI/CD

Imagine the levels of automation and security you could achieve if every asset touched by your CI/CD pipeline were unreachable from the network, except when your pipeline needs access. You can now have a secure DevOps experience with secure networking, controlled by your DevOps pipeline, as code.
This quick video demo shows how simple this new art of the possible can be.

Secure DevOps by taking your DevOps tooling to the dark side

Private Kubernetes APIs Made Simple

This is how we did it for the Kubernetes platform Platform9. Check out the video to see how simple it can be to make Kubernetes clusters unreachable from the network with a pure security-as-code approach.

NetFoundry helps build scalable and secure networking infrastructure

NetFoundry provides truly secure and reliable connectivity for the Novis Services platform, customers' SAP environments and Novis Ops/DevOps teams.

  • Business Outcomes:
  1. 200% quicker delivery time, more efficiency and fewer errors using NetFoundry’s APIs.
  2. Novis customers get completely dark cloud instances which are impervious to external network-level attacks.
  3. Reduced cost of ownership by 30% through NetFoundry network-as-a-service (NaaS) managing the infrastructure.
  4. Novis was able to eliminate the dependency on VPNs and VPC Peering each time they added a customer or an endpoint.

Ziti open source + NetFoundry SaaS

Securely deliver and manage any app, anywhere, as code.

Reduce downtime, eliminate complexity, automate connectivity, & infinitely scale with open source.
