Attestation with the Anjuna Policy Manager
| This section is focused on using the Anjuna Policy Manager with Google Cloud. For Microsoft Azure, see Fetching secrets using the Anjuna Policy Manager. The two sections will be combined in a future release. |
The Anjuna Policy Manager (APM) enables a secret store to control access to secrets based on an application’s identity. It solves the problem of secure initial secret management.
While data is encrypted in-use with confidential computing, most applications will need one or more initial secrets when it starts. The secrets are typically accessible by the application on the filesystem or as environment variables.
For example, an application server needs a private key and certificate to prove its identity to client applications that connect to the server. Even if these were stored in a key management system (KMS), the application needs a secret to authenticate to the KMS first.
Securing these secrets is challenging, because there is no built-in mechanism to provide secrets to the application server without changing the application code to securely retrieve them. Encrypting these secrets on the enclave disk image is equally challenging, since the application needs the matching key to decrypt the secrets.
Confidential computing enables a powerful, unique, and automated method to eliminate the risks of secret management. A GCP Confidential VM enclave can generate a vTPM 2.0 attestation report, which cryptographically proves that a particular application is running in an enclave. Unlike a secret token stored in a file or environment variable, it cannot be used by an attacker even if stolen - it is like a biometric with liveness detection, instead of a password.
| For more details on the attestation report, see Identifying the Software in an AMD SEV Confidential VM. |
The attestation report is used to prove an application’s identity to the APM. When the application running in the enclave starts, the Anjuna Confidential Container will authenticate to the APM with the enclave’s attestation report. After fetching the application’s secrets, the Anjuna Confidential Container will transparently make them available to the application running in the enclave.
An attacker cannot gain access to the secrets in the APM, because they cannot prove their identity with a valid attestation report. In addition, because the enclave’s memory is encrypted in-use by the CPU, the secrets fetched from the APM are now protected from attackers in the GCP Confidential VM. With the APM, it is now possible to securely manage secrets.