Enterprise security for enterprise requirements

At Puppet, we take the security of our products very seriously. Our vulnerability disclosure process and reputation are admired throughout the IT automation industry. Puppet Enterprise is one of the most hardened enterprise applications available. Customers like Walmart and New York Stock Exchange depend on Puppet to manage highly secure environments at massive scale — and we deliver.

Security is built right into the Puppet Enterprise platform. All services communicate over SSL with two-way peer verification at every step. Trusted facts — unspoofable inventory data — allow you to safely make assumptions about a host’s role in the infrastructure. Our company's mature disclosure process means we respond to vulnerability disclosures swiftly and responsibly.

We're a multi-tenant environment, and we have different customers. Sometimes, due to policy, we're not allowed to have certain individuals see certain customers because of different security compliance, you know, U.S. export regulations, things like that. The role-based access control allows us to show just the people who need to see a piece of our environment, that slice of the data.
Sean Millichamp, enterprise architect, Secure-24

SSL is complex. We make it easy.

Puppet Enterprise includes an SSL certificate authority (CA) to authenticate and encrypt all communication between all Puppet Enterprise services, including Puppet agents. Whenever a new Puppet agent comes online, it issues a certificate request to ask permission to speak to the Puppet Server. That request can be manually approved by a human, or safely auto-signed by meeting policy requirements. Either way, you don’t need to be an SSL expert to effectively achieve security throughout your Puppet Enterprise infrastructure. And hey, if you are that SSL pro, Puppet can use your CA instead.

Move fast and trust things

Speed and agility are the main benefits of moving to cloud architectures, whether they're public or private, hosted or on-prem. As VMs are created, they need to have their configuration deployed as quickly and safely as possible. Puppet Enterprise enables you to safely and automatically assign configuration roles to newly created cloud instances. Puppet Enterprise includes a technology called "trusted facts." Trusted facts allow you to assign permanently immutable inventory data to a Puppet agent — for example, a role, location, owner, or pre-shared keys. This information cannot be spoofed, and therefore can be used to automatically and safely assign configurations to new systems. You can go from creating a new VM to fully deploying it in a single step. When provisioning cloud instances, the provisioner adds trusted facts to the agent and Puppet Enterprise can safely assign the correct configuration to the VM, preventing a rogue machine from getting control or configurations it shouldn’t have.
Learn about trusted auto-inventory data and secure auto-signing with AWS and Puppet.
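
How trusted facts can drive role assignment, as an added example that is not Puppet's own code: the `role::*` class names and the allowlist are hypothetical, while `$trusted`, its `authenticated`, `certname` and `extensions` keys, and the `pp_role` extension are Puppet's own names. It assumes the provisioner wrote the role into the agent's certificate request (`extension_requests` in `csr_attributes.yaml`) before the certificate was signed.

```puppet
# site.pp (added example): classify nodes from certificate-backed data only.
# Assumption: classes role::webserver, role::database and role::bastion exist.

# Hypothetical allowlist of roles this server is willing to hand out.
$allowed_roles = ['webserver', 'database', 'bastion']

node default {
  # $trusted is filled in by the server from the agent's verified certificate,
  # not from values the agent reports on each run.
  # 'remote' means the certificate was checked against the CA; 'local' is a
  # puppet apply run and false means no valid certificate was presented.
  if $trusted['authenticated'] != 'remote' {
    fail("Refusing to classify ${trusted['certname']}: certificate was not verified by the CA")
  }

  # pp_role is a certificate extension, fixed when the certificate is signed.
  # Changing it requires a new certificate request and a new signing decision.
  $role = $trusted['extensions']['pp_role']

  # Fail closed when the certificate carries no role at all.
  if $role =~ Undef {
    fail("Refusing to classify ${trusted['certname']}: certificate has no pp_role extension")
  }

  # Fail closed on roles the server does not recognise, so a typo or an
  # unexpected value never resolves to an arbitrary class name.
  unless $role in $allowed_roles {
    fail("Refusing to classify ${trusted['certname']}: role '${role}' is not in the allowlist")
  }

  # Ordinary facts are self-reported by the agent and are deliberately not
  # consulted here; only the signed role selects the configuration.
  include "role::${role}"
}
```

Because the role is fixed at signing time, the decision to sign a request (manual approval or policy-based auto-signing) is the control that determines which configuration a new instance can receive.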

A proven history of swift and responsible response

At Puppet, we regularly perform penetration tests of our software through independent vendors to ensure the safety of our products and hosted services. We have a mature process for responding to vulnerability disclosures from the community. Our security team monitors open source projects included in our software for new vulnerabilities. When something happens, we’re on top of it. Puppet not only issues vulnerability announcements for our own products, we also issue advisories for open source projects included in Puppet products. When responding to a potential vulnerability, we always err on the side of issuing a CVE (Common Vulnerabilities and Exposures) identifier if we are unsure how best to proceed. We believe being transparent and raising awareness is too important to do any less. If we are unable to determine the complete impact of a vulnerability in software we include as part of Puppet Enterprise, we write a patch and issue an update. When we issue patches for our open source projects and for Puppet Enterprise, we communicate immediately with distributors of Puppet, so they can make updates to their own distributions and products available when the vulnerability is made public.