Title of invention: Distributed encryption key management
Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.
Publication number: US8848922(B1) Publication date: 2014.09.30
Application number: US201213685643 Filing date: 2012.11.26
Applicant: Amazon Technologies, Inc. Inventors: Durgin Cyrus J.; Dave Pratik S.; Martin Eric J.
Classification: H04L9/12; G06F21/62; H04L9/14 Main classification: H04L9/12
Agency: Kilpatrick Townsend & Stockton LLP Agent: Kilpatrick Townsend & Stockton LLP
Independent claim: 1. A system for managing secure objects for a host computer of a plurality of host computers, comprising: a processor; and a memory including instructions that, when executed by the processor, cause the processor to: assign the host computer to a host class, the host class associated with a secure function; obtain a secure identifier for the host class, the secure identifier being associated with at least one secure object for use in performing the secure function; and provide information regarding an update to the host computer at least in response to the update, the update identifying a change to the at least one secure object associated with the secure identifier, wherein the secure identifier has a default secure object specified to be used to perform the secure function.
Address: Reno NV US