Securing ChatOps to Enable DevOps

Earlier this month, my colleague, Phillip Moore, and I presented at DevOpsdays Austin about the secure layer we built in front of GitHub's Hubot to enable ChatOps while still meeting all of our internal and external security requirements. Managing access to restricted data and systems is not a new problem for enterprise software companies. The common solution is to completely separate the Operations and Development teams: developers write code; operators touch production. While this is the simplest model of managing access, it directly reduces velocity and runs completely opposite to the DevOps mentality.

The focus of our work was twofold: first, we built a middleware layer into Hubot to allow extensibility; second, we built a collection of middleware pieces to secure Hubot. This middleware collection provides the foundation required to securely access our production environment from chat. It lets us realize the full value of ChatOps in an enterprise company: increased velocity through developer-initiated changes, increased visibility across distributed teams, and streamlined workflows by bringing tools and information into the flow of conversation.

The slides from our talk are available on Box and we will post the video when it is available. If you have questions, please hit up either of us on FreeNode (##chatops). Thank you to the organizers and sponsors of DevOpsdays Austin for the opportunity to share!

Photo courtesy of @tylerjturk.