Safeguard Production Secrets
Learning Objectives
After completing this unit, you’ll be able to:
- Define key management solutions (KMS).
- Explain the value of using a KMS.
- Identify KMS methodologies.
- Define key management terms.
What Is a Key Management Solution?
Key management solutions (KMS) rely on a set of dedicated servers to administer a full lifecycle of cryptographic keys (keys used to encrypt data) and protect them from loss or misuse. KMS and other key management technologies ultimately control the generation, usage, storage, archival, and deletion of encryption keys. Additionally, to fully protect their loss or misuse, companies must limit access to these keys, either by restricting physical access or controlling user access by creating clear and defined user roles.
Data encryption is the bedrock of cybersecurity. Encrypted data remains worthless ciphertext (encrypted or encoded text that is unreadable by humans or computers) to anyone who doesn't have access to the encryption keys. So, key management is—in turn—the key to encrypted data security.
Keys unlock your secrets, which means they pose a specific security risk if accessed by an unauthorized user. Somehow, you must keep track of the keys, decide who has access to them, and figure out how they can be accessed without being exposed. This is the central task of any KMS.
Why KMS?
KMS is designed to provide application owners a way to generate and manage cryptographic keys. These keys should be protected and managed in a secure and physical computing device—a hardware security module (HSM)—when possible. HSMs are designed and certified to be tamper-evident and intrusion-resistant, and they provide the highest level of physical security.
A common mistake people make when encrypting data at rest is to use an inadequate key, or to store the key along with the encrypted data. This is the equivalent of leaving a key under the doormat of your house. It’s the first place a malicious actor looks for a key, and it puts your data in serious danger. Instead, make sure that keys only exist on devices in a transient state. That is, the user should enter them only so that the data can be decrypted and then erased from memory.
KMS Methodologies
There are various KMS methodologies that centralize key generation, distribution, and management. These allow you to maintain control of what keys are in use and who is using them.
Traditional Public-Key Solutions
One reason keys have been difficult to manage is that in a traditional public-key solution, a key is typically assigned to an individual, server, or organization. This key works like a signature, validating that the data has come from the proper source. In this technology solution, keypairs persist for years at a time, so the key must be carefully guarded against disclosure. Anyone with access to the private key can counterfeit that person's digital signature.
Transient-Key Solutions
In transient-key solutions, the keypair is assigned to a brief interval of time, not to a particular person or entity. Data signed by a specific private key becomes associated with a specific time and date. A keypair is active only for a few minutes, after which the private key is permanently destroyed. Therefore, unlike public-key solutions, transient-key solutions do not depend upon the long-term security of the private keys. A KMS works as a transient-key solution. Larger organizations use a KMS with an HSM to provide a very high level of security.
Key Management Terms
Let’s talk about some cryptographic key terms you might encounter when working with KMS solutions.
Password versus key: In Secrets Management for Developers, you learned about the difference between a password and a key. Remember that the primary difference between keys and passwords is that the latter are intended to be generated, read, remembered, and reproduced by a human user. A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, so human readability is not required. In fact, most users will, in most cases, be unaware of the existence of the keys being used on their behalf by the security components of their everyday software applications.
Symmetric versus asymmetric keys: Asymmetric key algorithms use separate keys for encryption and decryption, while symmetric key algorithms use a single key for both processes. Because an asymmetric algorithm uses multiple keys, the process takes longer to produce than a symmetric key algorithm does. However, the benefit is that an asymmetric algorithm is much more secure than a symmetric key algorithm.
Cryptographic hash: This is a mathematical algorithm that maps data of arbitrary size to a bit array of a fixed size (the hash value, hash, or message digest). Hashing is a cryptographic process that can be used to validate the authenticity and integrity of various types of input. It is widely used in authentication systems to avoid storing plaintext passwords in databases, but is also used to validate files, documents and other types of data.
Cryptographic salt: This is the random data used as an additional input to a one-way function that hashes data, a password, or a passphrase. Salts are used to safeguard passwords in storage.
A KMS solution protects your secrets as follows: A developer uses KMS to create or store a secret using the KMS producer service. The producer generates a new secret, embeds authorization by attaching the set of services that are allowed to access it, and encrypts it. The developer receives the resulting encrypted blob to check-in to source control along with their application. The encrypted secret is deployed to production along with the application, where it is decrypted and exposed to code via an in-memory file system.
Knowledge Check
Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click Submit to check your work. To start over, click Reset.
Great work!
