shieldworks / aegis

Aegis: Keep Your Secrets… Secret
https://vsecm.com
MIT License

Use AWS KMS as a secrets store #16

Open v0lkan opened 1 year ago

v0lkan commented 1 year ago

By leveraging sops (https://github.com/mozilla/sops), it is possible to save secrets to a third-party key store instead of storing them locally in-memory.

v0lkan commented 1 year ago

Punting to 1.1.0

v0lkan commented 1 year ago

Thoughts: Using KMS to encrypt/decrypt stuff can make sense; but I recommend storing secrets in memory (instead of KMS) and also (still) backing them up locally on disk.

Moving secrets in memory (which is secure, because memory) to KMS will not provide any security advantage; and it will cost a lot more.

There can be kms: annotations though. As in: “the source of this secret is KMS; take it from KMS and store it in memory if it does not exist.”

Similar reasoning holds for other cloud secrets stores, including Vault (like: “Hey Aegis Safe, I want you to populate this secret from this Vault KV if you don’t initially have it. If you do have, use what you have already.”)

This will allow the operator to add a set of secrets to Vault, or KMS, or anywhere secure and bind them upon bootstrapping.

The binding will not be dynamic (at least in phase 1); but it will allow the operator to hydrate the store.
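The annotation-driven hydration sketched in this thread, as an added Go example that is not Aegis's own code: `Store`, `Backend` and `mapBackend` are hypothetical names, and the backends are constructed in-memory maps standing in for KMS or Vault. A secret already held in memory wins; only missing ones are pulled from the annotated source at bootstrap.

```go
package main

import (
	"fmt"
	"strings"
)

// Backend resolves a secret from an external store (hypothetical interface;
// a real one would wrap the KMS or Vault SDK).
type Backend interface {
	Fetch(ref string) (string, error)
}

type mapBackend map[string]string // constructed in-memory stand-in for a store
func (m mapBackend) Fetch(ref string) (string, error) {
	if v, ok := m[ref]; ok {
		return v, nil
	}
	return "", fmt.Errorf("no secret at %q", ref)
}

// Store keeps secrets in memory; Backends, keyed by annotation prefix
// ("kms", "vault"), only seed it during bootstrap.
type Store struct {
	Secrets  map[string]string
	Backends map[string]Backend
}
// Hydrate binds annotations of the form name -> "<source>:<ref>". A secret
// already in memory is left untouched; only missing ones are fetched.
func (s *Store) Hydrate(annotations map[string]string) error {
	for name, src := range annotations {
		if _, have := s.Secrets[name]; have {
			continue
		}
		parts := strings.SplitN(src, ":", 2)
		if len(parts) != 2 {
			return fmt.Errorf("%s: annotation %q has no source prefix", name, src)
		}
		b, ok := s.Backends[parts[0]]
		if !ok {
			return fmt.Errorf("%s: unknown source %q", name, parts[0])
		}
		v, err := b.Fetch(parts[1])
		if err != nil {
			return fmt.Errorf("%s: %w", name, err)
		}
		s.Secrets[name] = v
	}
	return nil
}
```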