Best Practices

Protect and limit access to the APM admin tokens

The token used to authenticate admins to the Anjuna Policy Manager (APM) allows the modification of secret content and access policies. If an attacker gains access to an APM admin’s token, they would be able to perform administrative actions and expose secrets. Contact support@anjuna.io for guidance for limiting access to APM admin tokens.

Remote attestation at boot-time

It is recommended to configure each application to fetch at least one secret from the APM. This ensures that the APM performs remote attestation on each new Anjuna Confidential Container to confirm it is running the expected software in a secure enclave.

Certificate pinning

Anjuna Confidential Containers should use the apmConfig.caCert configuration field to verify the certificate of the APM Server. This prevents man-in-the-middle attacks where an attacker tries to impersonate the APM.