As various forms of distributed computing, such as cloud computing, have come to dominate the computing landscape, security has become a bottleneck issue that currently prevents the complete migration of various capabilities and systems associated with sensitive data, such as financial data, to cloud-based infrastructures and/or other distributed computing models. This is because many owners and operators of data centers that provide access to data and other resources are extremely hesitant to allow their data and resources to be accessed, processed, and/or otherwise used by virtual assets, such as virtual machine and server instances in the cloud.
One mechanism historically used to control access to data and other resources is the use of various secrets such as, but not limited to, passwords, encryption keys, and digital certificates, to control and authenticate entities desiring to access various types of data and resources. There is little doubt that the use of secrets can be an effective method for ensuring that data and other resources are only accessible by an authorized virtual asset. However, ensuring that a given virtual asset is provided the entire collection of secrets that it needs to perform its designated tasks, and, equally importantly, ensuring that the virtual asset does not receive any secrets that it does not legitimately need, is often a complicated and time-consuming task that not only expends significant resources, but currently creates a significant delay in the initiation and operation of virtual assets. This is particularly problematic given that, currently, secrets management is largely a manual process.
What is needed is a method and system to authenticate that a virtual asset is eligible to receive one or more secrets, then determine the secrets, or secret classes, legitimately needed by that particular virtual asset, then collect the secrets determined to be legitimately needed by the particular virtual asset, and then provide the virtual asset access to only these secrets.