Leveraging Remote Attestation to protect the Pod sensitive configuration
Remote attestation is the foundation for establishing trust in a workload running inside an enclave. One key use case is protecting a workload’s initial secrets.
Anjuna provides a simple mechanism for delivering initial secrets to a workload. Anjuna’s Encrypted Configuration mechanism leverages remote attestation to deliver those secrets securely, without requiring any changes to the application. As with running outside of EKS, Anjuna Kubernetes Toolset for AWS EKS supports two methods to provide an Encrypted Configuration to a Confidential Container.
Method 1: Local Encrypted Configuration
This method supports providing a Local Encrypted Configuration to the enclave running in the Pod. This allows different launches of the same enclave, based on the same EIF, to use different secrets. Some examples include the following:
-
If different users of the Pod have different secrets that they want to pass to it
-
If the same EIF should be used for different execution environments (such as Dev, Test, and Prod)
By changing the specific Encrypted Configuration provided to the enclave, different secrets may be injected. This requires that the Local Encrypted Configuration be available to the launcher Pod. With this information, the launcher Pod will deliver the Local Encrypted Configuration to the enclave.
For detailed instructions, see Using a Local Encrypted Configuration.
Method 2: S3 Encrypted Configuration
This method supports an S3 Encrypted Configuration. With this method, a pre-built EIF that uses an S3 Encrypted Configuration can be used without further modifications.
Because its type is s3,
the S3 path was already specified inside the enclave configuration file
that was used when the EIF was built.
Though this process is more simple than using a Local Encrypted Configuration, using S3 has limitations. Because the S3 path is hard-coded in the EIF, it cannot be changed at launch. This means the same EIF cannot be used with two different Encrypted Configurations. The advantages of using a Local Encrypted Configuration are listed above, in Method 1: Local Encrypted Configuration.
For detailed instructions on S3 Encrypted Configurations, start with Setting up an AWS KMS key in the Providing secrets to the AWS Nitro Enclave section. Additional instructions specific to S3 follow on the subsequent pages.