Open nvalerkos opened 6 years ago
The manifest has support for private fields where only the hash is exposed publicly. However, there's no way to obscure data or code from the host that's running your manifest. You could use things like multi-party computation or threshold signatures in your code if you want to have multiple hosts use a secret value without exposing it to any individual one of them
Hmm... I could supply a public key to encrypt the generated password of the container. With no protection on the code is an issue.
How do we supply private information that cannot be altered/tempered with inside a manifest that can only be set by the vendor or customer?
I am looking at codius as two ways:
In both cases I end up as not being able to trust the manifest data as private.