Retrieving Secrets Securely

Thomas Gray recently posted about how he and his team integrated with Vault for secret management using Rancher as a source of truth for authentication and authorisation. This is a follow-on post which discusses how my team and I approached a similar problem. What did we need to do? We were building authentication and authorisation services …

Generating New Master Key Shares in Vault

Vault makes use of Shamir's secret sharing scheme to split a master key into n pieces, requiring at least k of them to be presented at 'unseal' time. At initialisation time, the user specifies what values n and k should take. Vault does not make it possible to change the number of shares after initialisation …

White paper on the secret sharing implementation in Hashicorp’s Vault

Securing a secret, whether it's a password, sensitive information or a cryptographic key, is hard to get right. Hashicorp's Vault attempts to remove the headaches by providing simple APIs no matter what form the storage back-end takes. I have just finished a report which looks into part of the implementation of Vault to show the mechanisms used to protect user's …

Velocity 2015, 1: Keeping Secrets Secret

I was fortunate enough to attend Velocity in Amsterdam this year, which followed several major themes, one of which was security. This post was inspired by a presentation given by Alex Schoof entitled "Managing Secrets at Scale". Alex covered many areas, including how to control the use of secrets, how they can be made highly available …

Generating a Key Pair with iOS’s Secure Enclave in Swift

I found it impossible to find a segment of code which showed how to generate a secure key pair in the enclave with Swift for iOS 9. So... here it is! // private key parameters let privateKeyParams: [String: AnyObject] = [ kSecAttrLabel as String: "privateLabel", kSecAttrIsPermanent as String: true,        kSecAttrApplicationTag as String: …