Ensuring High-Availability and Security for Secret Management in EGI Cloud
Published on:
October 29, 2024
Abstract
Secret management is an important security service within the EGI Cloud Federation, encompassing the management of various types of secrets, including tokens and certificates, along with their secure delivery to target cloud environments. Given its critical role, high availability and security are paramount. The service must remain operational continuously, even in the event of individual component failures. This is achieved through the configuration of three geographically distributed Vault servers connected in a cluster, complemented by Dynamic DNS to facilitate seamless switching of generic service endpoints during failures. Additionally, the service incorporates several security enhancements, including client-side encryption and a locker mechanism to ensure the secure delivery of secrets to virtual machines (VMs) in the cloud.
DOI: https://doi.org/10.22323/1.458.0015
How to cite
Metadata are provided both in "article" format (very similar to INSPIRE) as this helps creating
very compact bibliographies which can be beneficial to authors and
readers, and in "proceeding" format
which is more detailed and complete.