Protection of critical secret information, such as passwords, private keys or master keys at rest on computer systems, is a challenging task. Secret information can be protected by the access control mechanisms of an operating system's file system, or encrypted under a secret key that is derived from a password, retrieved from a hardware module such as a Trusted Platform Module (TPM), or requested from a third-party secret management service.
These conventional approaches have one or more limitations which may jeopardize the security of the protected secret information. One limitation is the lack of defense-in-depth. In some of these conventional approaches, the secret materials may be stored in the same location (e.g., a file system) as the data being protected, where that data is encrypted with a key derived from those very secret materials. This violates the principle of cryptographic storage that secret information (e.g., a key) must not be stored in the same location as the data it protects (e.g., the encrypted data).
Another limitation of some of the conventional approaches is limited support for high availability. If the secret information is stored in a hardware module, such as a TPM, on a particular physical platform, the applications or software relying on that secret information become “locked” to that hardware platform. Migration of the software to other physical hardware platforms, a common practice for highly available systems, is thus restricted.
A limitation of the third-party secret management service approach is that system independence is sacrificed in exchange for the third party's security-hardened service for managing the secret information. In addition, since the secret information is usually hosted by a single entity, a compromise of that entity may lead to the compromise of all the secret information it manages. Furthermore, third-party secret management services are usually expensive, which may not be a viable solution for small businesses.
Throughout the description, similar reference numbers may be used to identify similar elements.