Conversocial simplified role-based access control for internal engineering systems
Conversocial helps brands develop meaningful relationships with their customers at scale. Tapping into the unique nature of messaging and combining human agents with adaptive automation, Conversocial enables brands to deliver conversational customer experiences that delight consumers and transforms customer service, marketing, and sales. Conversational managed SSH keys using a hand-rolled solution using configuration management. “The automation part of our platform came on from a company called Assist, which we acquired a couple of years ago,” said James Legg, Team Leader of the Platforms and Infrastructure Engineering Team at Conversocial. “It’s a VPN plus an SSH key solution managed by saltstack and used to push the keys out to machines and the agent workspace,” said James. “We were building out new environments, and I didn't want to manage SSH Keys if I could help it. I was looking for something that could be integrated with Google Workspace single-sign-on and found Smallstep.” Historically SSH key management fell on James’ team and was often a manual effort. “We have internal tools that generate big, long, horrible SSH strings which you copy and paste in the terminal,” he continued. “The aim is not to have too many things to decommission when someone leaves the workplace. We've been building role-based access control for internal engineering system access managed using Google Group membership based on that aim for a while now. And what smallstep created fit all those boxes with minimal effort.”
We were building out new environments, and I didn't want to manage SSH Keys if I could help it.
Say goodbye to manual SSH processes.
“I didn’t find any other vendors that were doing the same thing. The trial button was quite nice and easy, so we didn't have to go through too much to try this out and play with it. So I decided, OK, we'll give it a go. The ease of doing it, without having to think too hard about getting it right, made a big difference”, James continued. “SSH, and especially certificate based ssh is one of those areas where you can think you've got it right and you've actually screwed it up entirely. And the consequences when you discover that it’s incorrect are either a massive security hole, or you’ve accidentally locked yourself out of the system. Neither of which are things you want to think about happening.
“I think compared to what we were doing before, the user experience has been pretty nice. Before Smallstep, we're forever telling people, oh yeah, you're running that ssh helper script in the wrong python virtual environment. You've got your dependencies broken, or we've upgraded it, and it's telling you that. But you didn't need it because it fell over somewhere else in your script. All of that is no longer a problem.” Adding smallstep to the standard shell scripts for MacBook users removed users’ need to even think about SSH access. “One of the scripts installs Smallstep and sets up the SSH configuration, so people don't think about it. It's just kind of magic when the user gets a popup single-sign-on window for SSH.”
“It's nice for the Engineering team to have the ability to go and look at a database in development or administer something on a machine without having to think very hard about it.”
A managed offering is paying early dividends.
James benefited from the value of using a SaaS offering. “Oh, look, someone else is prepared to do the work for us for a fairly nominal fee. And hopefully, I don't have to debug why someone's lost their SSH key or why it has space where it shouldn't be. Or maybe they truncated it. I’m avoiding all this kind of stuff, which is never very much fun to do. I'm not missing SSH Keys, that's for sure.”
Smallstep is just beginning to provide value for the Conversocial team. “we've still got lots more to do in terms of migrating applications to reap the value of Smallstep for lots of people.” James has one last message for folks considering Smallstep SSH. “If you want to not think about managing SSH keys and to be able to have access revoked at the same time you revoke the access to the rest of the systems, it's really good.”