Secrets Email to Colin - razmipatel/Random GitHub Wiki
Subject: Secrets Management – Current Status and Next Steps
Hi Colin,
Following our conversation and the SMT action item, here’s a summary of where we currently stand on secrets management and what we’re working towards:
✅ Current State
CyberArk is currently in use for on-prem secrets management only.
No current integration exists between CyberArk and Entra ID workload identities.
Some credentials and certificates (e.g., Jenkins pipelines) are not yet covered by automated rotation.
🔍 What We’re Assessing
Michael Barylak from Security Architecture is currently reviewing the available options and has committed to providing recommendations by the end of this week. Once that’s done, Leandro Ueki will also be involved to support the architecture alignment.
📌 Key Questions We’re Exploring
Can CyberArk be extended to support cloud workloads, or should we look to native solutions like Azure Key Vault?
What’s needed to enforce a 30-day secret/certificate rotation in line with our system standards?
What R4 enhancements or new tooling (if any) are required?
Are there any gaps or considerations for SaaS-specific connectors (e.g., Kafka, Confluent, SailPoint)?
🗓 Next Steps
Await Michael’s recommendations (expected by end of week).
Engage Leandro to assess technical feasibility and architecture fit.
Prepare a consolidated update including: current tooling, gaps, potential roadmap options, and security considerations.
Let me know if you'd like me to start drafting a slide or briefing pack for SMT review in parallel.
Best regards,
Razmi