Secure Secrets Management
Secrets Management platforms store, manage and provide secrets. Both cloud-native and legacy applications use secrets management applications to secure variety of secrets including encryption keys, tokens, and passwords.
Development teams need to share data, configurations, and access keys across teams to cooperate on application development and testing. Automated build servers need access to source code control, API gateways, and user roles to accomplish their tasks. Servers need access to encrypted disks, applications need to access databases, and containers must be provisioned with privileges as they start up. Automated services cannot wait around for an administrator to type in passwords or provide credentials. Secrets management platforms address these requirements.
While the data used by secrets management platforms is typically secured while at rest and in motion, secrets information is in the clear and unprotected at runtime. Bad actors can compromise secrets while the data is in use. For example, hackers or malicious insiders can parse data-in-use to obtain the encryption keys for data-at-rest or certificates for data-in-motion.
For example, Hashicorp Vault, one of the most popular secrets-management solutions, is clear about risks stemming from control of the host and runtime security risks in their threat model:
The following are not parts of the Vault threat model:
Protecting against arbitrary control of the storage backend. An attacker that can perform arbitrary operations against the storage backend can undermine security in any number of ways that are difficult or impossible to protect against. As an example, an attacker could delete or corrupt all the contents of the storage backend causing total data loss for Vault. The ability to control reads would allow an attacker to snapshot in a well-known state and rollback state changes if that would be beneficial to them.
Protecting against the leakage of the existence of secret material. An attacker that can read from the storage backend may observe that secret material exists and is stored, even if it is kept confidential.
Protecting against memory analysis of a running Vault. If an attacker is able to inspect the memory state of a running Vault instance then the confidentiality of data may be compromised.
Anjuna Runtime Security creates a trusted execution environment. It wraps a security boundary around runtime secrets management applications so that secrets remain secret. Whether on-premises or in the public cloud, Anjuna establishes and maintains trust for secrets management applications.