Introduction to the Policy Manager
The Anjuna Policy Manager is a service that simplifies the management of cryptographic keys for use with the Anjuna Runtime.
Configuring the Anjuna SGX Runtime to transparently encrypt and decrypt files used by a protected application is as simple as specifying entries in the Anjuna SGX Runtime’s configuration file. This mechanism works well when a single application is used, or when the host running the application does not change. In such cases, relying on Intel® SGX sealing (encryption using a key accessible only to a secure enclave) is a simple way to protect data at rest.
When multiple applications are involved, however, or when encrypted files are moved between multiple hosts, managing the needed keys becomes more complex. Sharing such encrypted files is greatly simplified by a service that centrally manages access to the keys for the enclaves.
The Anjuna Policy Manager provides that service. It offers a streamlined way to centrally manage keys and the key-access policies for applications.
This section describes the Anjuna Policy Manager and explains how to install and configure it, how to prepare a protected application to work with it, and how to define policies that manage application access to cryptographic keys.