Introduction

The Anjuna Policy Manager (APM) enables Anjuna Confidential Containers to automatically and securely retrieve secrets based on the application’s identity. It solves the problem of secure initial secret management.

While data is encrypted in use with Confidential Computing, most applications will need one or more initial secrets to start. The secrets are typically accessible by the application through the filesystem or environment variables.

For example, an application server might need a private key and a certificate to prove its identity to client applications.

Securely obtaining these secrets is challenging - if the secrets are stored on the disk or the image of the application, a malicious human or software can read them from that disk. If these secrets are encrypted, the key to decrypt them is available on the disk. If the secrets are stored in a key management system (KMS), the application needs the credentials to authenticate to that KMS, and those credentials will be available on the disk. And if the secrets are provided via the machine identity (in the cloud, for example), a malicious insider could run malicious software on the same machine and access those secrets.

Confidential Computing with the Anjuna Seaglass Platform enables a powerful, unique, and fully automated method to eliminate the risks of secret management and obtain the initial secrets. Anjuna Confidential Containers can generate hardware-based attestation reports that cryptographically prove the application’s identity and that it is running in a Trusted Execution Environment (TEE). Unlike secrets stored in files or environment variables, attestation reports cannot be reused or forged by attackers - they are analogous to biometry with liveness detection instead of a password.

The attestation report is used to prove an application’s identity to the APM. When the application running in the enclave starts, the Anjuna Runtime will authenticate and attest itself to the APM using the TEE’s attestation report. After fetching the application’s secrets, the Anjuna Runtime will transparently make them available to the application running in the TEE.

An attacker cannot gain access to the secrets in the APM, because they cannot prove their identity with a valid attestation report. Only a valid application running inside an Anjuna Confidential Container can do so, and the hardware encrypts its memory in use.