Do you know which meeting in a company usually becomes the most emotional? The one where the Information Security department and the DevOps team sit down to discuss how secrets will be managed from now on.
The Black Friday Case
I remember one particularly vivid case. A large fintech company decided that all its Kubernetes containers would retrieve database passwords through the REST API of a traditional CyberArk Vault. Architecturally, it looked great on paper. Then Black Friday arrived. Traffic surged. The Kubernetes cluster automatically scaled up and launched another thousand containers to handle the load. And every one of those containers simultaneously called the Vault API to retrieve its password.
What happened next? A classic self-inflicted DDoS attack. The heavyweight enterprise vault that worked perfectly for a hundred administrators simply collapsed under thousands of machine requests per second. Containers couldn’t get their credentials. The application failed. The business lost money. After that, DevOps said, “We warned you,” and implemented a workaround that cached passwords in plain text.
And what was the result? Security effectively dropped to zero.
This is a classic example of why tools built for humans do not work for machines. Machines require speed, scalability, and native integration.
Secrets Manager: Not a Replacement, but an Extension
That’s precisely why a new category of solutions has appeared on the market – Secrets Managers (for example, CyberArk Conjur). This isn’t a replacement for your core PAM system. It’s a logical extension, a high-speed courier for secrets.
The idea is to reach an architectural compromise that we advocate in many pilot projects: give each team what it needs.
The security team keeps its single source of truth – the classic vault. That’s where passwords are rotated, policies are configured, and ISO 27001 audits are satisfied. But instead of forcing developers to access this vault directly, we deploy a lightweight, horizontally scalable Secrets Manager within the DevOps environment. It retrieves secrets from the vault and delivers them to containers within milliseconds.
Even better — it does so natively. Developers don’t need to rewrite their code to work with a new security API. The Secrets Manager injects the required credentials directly into the container’s memory during startup. Developers continue writing code the way they always have. Pipelines remain fast, and releases keep moving.
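The Black Friday burst and the intermediary tier described above can be modelled in a few lines. This is an added example, not code from the original post and not how CyberArk Conjur is implemented. The names `Vault`, `SecretsTier` and `startup_burst` are hypothetical, and the TTL cache with request coalescing is an assumption about one way such a tier can absorb a scale-out burst while keeping secrets in memory only.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class Vault:
    """Stand-in for the central vault; counts the requests that reach it."""
    def __init__(self, secrets):
        self._secrets, self._lock, self.calls = secrets, threading.Lock(), 0

    def fetch(self, name):
        with self._lock:
            self.calls += 1
        time.sleep(0.01)  # constructed per-request latency
        return self._secrets[name]

class SecretsTier:
    """Hypothetical intermediary: in-memory TTL cache with request coalescing."""
    def __init__(self, vault, ttl=30.0):
        self._vault, self._ttl = vault, ttl
        self._lock = threading.Lock()
        self._cache = {}     # name -> (value, expiry); held in memory only
        self._inflight = {}  # name -> Event set when the leader's fetch ends

    def get(self, name):
        while True:
            with self._lock:
                hit = self._cache.get(name)
                if hit and hit[1] > time.monotonic():
                    return hit[0]
                waiter = self._inflight.get(name)
                if waiter is None:  # first caller becomes the leader
                    done = self._inflight[name] = threading.Event()
            if waiter is not None:
                waiter.wait()       # followers wait, then re-check the cache
                continue
            try:
                value = self._vault.fetch(name)  # the only upstream call
                with self._lock:
                    self._cache[name] = (value, time.monotonic() + self._ttl)
                return value
            finally:
                with self._lock:
                    del self._inflight[name]
                done.set()

def startup_burst(get_secret, containers=1000):
    """Simulate `containers` pods requesting the same DB password at once."""
    with ThreadPoolExecutor(max_workers=100) as pool:
        return list(pool.map(lambda _: get_secret("db/password"), range(containers)))
```

In this model the TTL bounds how long the tier keeps serving a password after the vault rotates it, so it should be chosen against the rotation policy.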
DevOps culture doesn’t tolerate workarounds. If security creates friction, it will be bypassed. The successful projects we see in distribution are built not on restrictions, but on integration. When a security tool works under the hood and speaks the developer’s language, the conflict disappears, and real engineering work begins.