In recent years, hackers have realized that GitHub repositories are a great way into a company. Allows them to scan the code for vulnerabilities or even push their own back doors without teams noticing. These high privilege actions are usually protected by a simple password or an SSH key that does not expire and is sitting unprotected on your developer’s workstation. EZGIT is the first SSH CA for GitHub repositories. EZGIT leverages your secure corporate Identity (Azure AD or Okta) to authenticate the user into the service and issues a short-term certificate to give the user Just in Time (JIT) access to your repositories. No more keys in engineers desktops waiting to be stolen by bad actors!
EZGIT uses Okta or Azure AD as the identity provider, allowing you to use your Identity Provider Conditional Access policies to prevent and detect malicious login to your most important resource, your code. All these extra security measures come at no extra churn for your users. The user uses the SSO workflow they are used to and EZGIT issue the short-term certificate in the background.
EZGIT can be easily deployed! All you need to do is register the application in your Azure tenant and sign up for EZGIT. If your GitHub users do not map to your aliases, EZGIT will automatically map the correct GitHub user to their username.
Save hours of engineering productivity by no longer having developers register their SSH Keys in GitHub by switching to EZGIT. EZGIT uses your secure developer identity to authenticate your developers and issue a short-lived certificate. Reducing onboarding time, while also protecting the user key from being stolen due to mismanagement of the private key.
Following SSH Keys best practices is hard and failing to do it have caused many companies to have their source code compromised. Are your engineers keeping their SSH keys safe? Are they password protected? Have their shared/emailed/committed their private key by mistake? EZGIT removes all that complexity by hiding all the key management form the user and issuing time bound certificates.
EZGIT adds the short-term certificates to the computer’s SSH agent, which is the credential manager used by most git clients. This enables transparent security to your users; all the user has to do is run “ezssh git" in their terminal and use their preferred git client tool.
All access requests are logged and can be easily exported for your security team to analyze and to easily comply with compliance audits.
All of infrastructure authenticates between micro-services with passwordless technology. Protecting us from credential theft.
CA keys are created for each policy and never leave the FIPS 140-2 Hardware Security Modules.
Control your CA keys and give EZGIT access to sign certificates. Contact us to learn more about this option.
