CPC G06F 8/71 (2013.01) [G06F 8/40 (2013.01)] | 17 Claims
1. A method to prevent secret misuse, the method comprising:
sending, by a computing system, a request to fetch a secret value from a collection of secret values at one or more locations;
receiving, by the computing system in response to the request, a handle that contains the secret value;
executing, by the computing system, application code that includes a reference to the secret value inaccessible to the application code, wherein the reference is the handle that contains the secret value, wherein the application code performs an operation using the secret value referenced by the handle, and wherein executing the application code to perform the operation comprises passing the handle to injector code; and
executing the injector code, including
accepting the handle;
obtaining the secret value from the handle without exposing the secret value to the application code;
using the secret value in the operation on behalf of the application code by executing a client created by the injector code, the client using the secret value to perform the operation;
redacting the secret value from a response indicating performance of the operation prior to providing the response to the application code; and
passing the response to the application code, wherein the response omits the secret value to prevent exposure of the secret value to the application code.
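The flow in claim 1 (fetch returns a handle, the application passes the handle to injector code, the injector's client uses the secret, and the response is redacted before it is returned) can be sketched as follows; this is an added illustration, not code from the patent or its applicant. All names (`SecretHandle`, `fetch_secret`, `inject`, `_EchoClient`, `_VAULT`) and the sample token are hypothetical, the in-process dictionary stands in for a remote secret store, and the capability check only models the boundary: Python cannot enforce it, so a real deployment would run the injector behind a process or runtime boundary.

```python
import base64

_VAULT = {"api-token": "s3cr3t-constructed-token"}  # constructed sample secret
_INJECTOR_CAP = object()  # capability known only to the injector code

class SecretHandle:
    """Opaque reference the application passes around instead of the value."""
    __slots__ = ("name", "_open")

    def __init__(self, name, value):
        self.name = name
        def _open(cap):
            if cap is not _INJECTOR_CAP:
                raise PermissionError("only injector code may open a handle")
            return value
        self._open = _open

    def __repr__(self):
        return f"<SecretHandle {self.name} [REDACTED]>"

def fetch_secret(name):
    """Request a secret; the caller receives a handle, never the raw string."""
    return SecretHandle(name, _VAULT[name])

class _EchoClient:
    """Stand-in for a network client; the 'server' echoes request headers back."""
    def __init__(self, token):
        self._token = token

    def get(self, path):
        b64 = base64.b64encode(self._token.encode()).decode()
        return f"200 OK {path} echo: Authorization=Bearer {self._token} b64={b64}"

def _redact(text, secret):
    """Remove the secret and its base64 form from a response."""
    for form in (secret, base64.b64encode(secret.encode()).decode()):
        text = text.replace(form, "[REDACTED]")
    return text

def inject(handle, path):
    """Injector: open the handle, run the client, return a redacted response."""
    secret = handle._open(_INJECTOR_CAP)
    response = _EchoClient(secret).get(path)
    return _redact(response, secret)

def application_code():
    """Application side: only touches the handle and the redacted response."""
    handle = fetch_secret("api-token")
    return repr(handle), inject(handle, "/v1/orders")
```

Redaction here covers the raw value and one encoding; a service that reflects the secret in another transformed form would need that form added to `_redact`.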