Introduction

The Anjuna Policy Manager is an attestation-aware secret provider that enables Anjuna enclaves to automatically and securely retrieve secrets based on the application’s identity. It solves the problem of secure initial secret management.

While data is encrypted in use with Confidential Computing, most applications will need one or more initial secrets to start. The secrets are typically accessible by the application through the filesystem or environment variables.

For example, an application server might need a private key and a certificate to prove its identity to client applications. Even if these secrets were stored in a key management system (KMS), the application needs a secret to authenticate to the KMS first.

Securely obtaining these secrets is challenging, because there is no built-in mechanism to provide secrets to the application server based on the application identity without changing the application’s code. Encrypting these secrets on the enclave disk image is equally challenging since the application will need the matching key to decrypt the secrets.

Confidential Computing with Anjuna enables a powerful, unique, and fully automated method to eliminate the risks of secret management and obtain the initial secrets. Anjuna Enclaves can generate hardware-based attestation reports that cryptographically prove the application’s identity and that the application is running inside a Secure Enclave. Unlike secrets stored in files or environment variables, attestation reports cannot be reused or forged by attackers: they are analogous to biometrics with liveness detection rather than a password.

The attestation report is used to prove an application’s identity to the Anjuna Policy Manager (APM). When the application running in the enclave starts, the Anjuna Runtime will authenticate and attest itself to the APM using the enclave’s attestation report. After fetching the application’s secrets, the Anjuna Runtime will transparently make them available to the application running in the enclave.

An attacker cannot gain access to the secrets in the APM, because they cannot prove their identity with a valid attestation report. Only a valid application running inside an Anjuna Enclave can do so, and the hardware encrypts its memory in use. In addition, the APM’s memory is encrypted and isolated by the hardware since it also runs within a Secure Enclave.
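The exchange described above, reduced to its essentials as an added illustration (not Anjuna's own protocol or APM code): the policy manager issues a fresh challenge, the enclave side binds its identity (measurement) to that challenge in a report signed by a hardware-held key, and the secret is released only when the signature verifies, the challenge is unconsumed, and a policy exists for that identity. The hardware attestation key is simulated with an HMAC secret and the measurement values are constructed sample data.

```python
import hmac
import hashlib
import secrets

# Constructed stand-in for the CPU's attestation key: the verifier would normally
# check a hardware-rooted signature chain, not share a symmetric key with the enclave.
HW_ATTESTATION_KEY = b"simulated-hardware-attestation-key"

def _sign_report(measurement, nonce):
    body = f"{measurement}|{nonce}".encode()
    return hmac.new(HW_ATTESTATION_KEY, body, hashlib.sha256).hexdigest()

def attest(measurement, nonce):
    """Enclave side: produce a report binding its identity to the verifier's challenge."""
    return {"measurement": measurement, "nonce": nonce,
            "signature": _sign_report(measurement, nonce)}

class PolicyManager:
    """Illustrative attestation-aware secret provider (hypothetical, not the APM)."""

    def __init__(self, policies):
        self.policies = policies      # measurement -> secret released to that identity
        self.outstanding = set()      # challenges issued but not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)  # fresh per request, so a replayed report fails
        self.outstanding.add(nonce)
        return nonce

    def release(self, report):
        """Return the secret for the attested identity, or None if the report is rejected."""
        nonce = report["nonce"]
        if nonce not in self.outstanding:
            return None               # stale or unknown challenge: replay attempt
        expected = _sign_report(report["measurement"], nonce)
        if not hmac.compare_digest(expected, report["signature"]):
            return None               # report not produced by the (simulated) hardware
        self.outstanding.discard(nonce)   # each report is usable exactly once
        return self.policies.get(report["measurement"])  # None when no policy matches

def demo():
    apm = PolicyManager({"a1b2": b"tls-private-key-pem"})   # constructed policy
    report = attest("a1b2", apm.challenge())
    first = apm.release(report)       # genuine enclave: secret released
    replay = apm.release(report)      # same report presented again: rejected
    forged = attest("a1b2", apm.challenge())
    forged["measurement"] = "dead"    # identity altered after signing: signature fails
    tampered = apm.release(forged)
    unknown = apm.release(attest("beef", apm.challenge()))  # valid report, no policy
    return first, replay, tampered, unknown
```

Running `demo()` returns the secret once and `None` for the replayed, tampered, and unregistered reports.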