Securing Ansible with a Zero Trust Overlay

So...for ops teams, remove VPNs, bastions, open IB FW ports, complex ACLs. One inbound firewall rule: deny-all.

Abstracted...Paramiko / Ansible solution shows developers how to embed secure networking into our apps, as code, via OpenZiti open source platform.

Disclosure: founder of a company which sells SaaS on top of the open source. So a massive fan but happy to answer questions as objectively as I can.

OP here. I use Ansible a lot in my day-to-day work, and the day the OpenZiti Python SDK came out, I wrote a wrapper around the Paramiko connection plugin to secure the connection to the target. It was so easy, and worked so well, I wrote a small demo so you all can try it too. Happy to answer any questions, and if you try it, share whatever feedback you have!

Solutions that add more security without more pain, always feel like double the win. Thanks for posting.