Distributed computer systems have become an important solution for handling the large amounts of data generated by modern computing demands. Spreading the computational workload over multiple separate computer systems not only offers the ability to process data faster than a single-computer system, but also provides scalability to add and remove computational resources as needed, as well as availability to provide service with fewer disruptions by avoiding a single point of failure. Such distributed systems can consist of up to thousands of interconnected computer systems, and are typically used by large enterprises to provide services such as web hosting or secure intranets.
The distributed nature of such systems, however, makes security a challenge. Some security configurations may require that a computer responding to a request have access to a set of credentials for a particular service. However, in some distributed systems, a service may have multiple instances running on different computers, and one or more instances may attempt to operate under the same credentials. Further compounding the challenge, some distributed systems may route an incoming request for service to a randomly chosen computer in the distributed system, so that different requests are spread out among different computers. Because the requestor does not distinguish among the many possible computers that might process a request for a service, any computer in the distributed system that may respond to a request for that service may have access to credentials associated with the service.
Credentials may allow a computing device to participate in any number of authentication functions associated with providing the service. For example, an authentication function may involve a service-providing computing device proving the service's identity to another device that requires its requestors to provide that service. Frequently, a computing device will prove the identity of a service by performing a cryptographic function using credentials of the service. For example, a request for authentication may arise when the device providing a service seeks to access information or other resources restricted to instances of that service. Alternatively, a request for authentication can arise in other contexts, such as when a client seeking to access a service attempts to verify that the device providing the service indeed represents that service. Regardless of the nature of the authentication function to be performed, for any one of a number of computing devices in a distributed system to seamlessly perform these authentication functions, one or more devices may take actions to run under a synchronized set of credentials. In this way, one or more computers involved in providing a service may present a common identity and may interchangeably participate in providing the service.
Furthermore, good security practices may dictate that these credentials be periodically updated to maintain their secrecy. This credential update may be referred to as a refresh, rollover, or regeneration of credentials. Regardless of the name, a known approach is to update credentials periodically by manually changing them on the computing devices that are authorized to have access to them. The process can be automated to a degree with scripts generating and setting the credentials, but mistakes are still common and may require human assistance. It is not uncommon for a large organization to spend significant amounts of money on personnel running these manual or partially automated operations. It is also not uncommon to experience disruptions in one or more services during such updates, especially when updates are coordinated among multiple instances of a service running in a distributed environment. Such disruptions may lead to monetary or personnel productivity loss for the organization.
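The following is an added illustration, not part of the original text: several instances of one service prove a common identity under a shared credential, and a probe run after a rollover finds the instance that the update missed. HMAC-SHA256 over a verifier-chosen challenge stands in for the unspecified "cryptographic function", and all class, function and node names are hypothetical.

```python
import hashlib
import hmac
import secrets


class ServiceInstance:
    """One of several computers running the same service (hypothetical model)."""

    def __init__(self, name, credential):
        self.name = name
        self.credential = credential

    def prove_identity(self, challenge):
        # Assumed stand-in for the "cryptographic function using credentials
        # of the service": HMAC-SHA256 over a verifier-chosen challenge.
        return hmac.new(self.credential, challenge, hashlib.sha256).digest()


def verify(service_credential, challenge, response):
    """Check a response against the credential the verifier currently expects."""
    expected = hmac.new(service_credential, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)  # constant-time comparison


def stale_instances(service_credential, instances):
    """Challenge every instance; return names failing under the current credential."""
    stale = []
    for inst in instances:
        challenge = secrets.token_bytes(16)  # fresh nonce per probe
        if not verify(service_credential, challenge, inst.prove_identity(challenge)):
            stale.append(inst.name)
    return stale


def rollover(instances, new_credential, skip=()):
    """Push a new credential; `skip` models hosts the manual update missed."""
    for inst in instances:
        if inst.name not in skip:
            inst.credential = new_credential


def demo():
    old = secrets.token_bytes(32)  # constructed sample credentials
    new = secrets.token_bytes(32)
    farm = [ServiceInstance(f"node{i}", old) for i in range(4)]
    before = stale_instances(old, farm)   # all instances synchronized
    rollover(farm, new, skip={"node2"})   # node2 is missed during the update
    after = stale_instances(new, farm)    # verifier now expects the new credential
    return before, after


if __name__ == "__main__":
    print(demo())
```

Any request routed to the unsynchronized instance fails authentication until its credential is updated, which is the service disruption described above.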