Mini Disclaimer: Nothing here may be entirely accurate, these are results derived from my handwritten notes.
In terms of general concept, the solution found addresses creating an environment focused on the best storage, protection, and security of sensitive data.
The system is built on SPIFFE (Secure Production Identity Framework For Everyone), a secrets management system consisting of three core components:
- Spike Nexus — This is where encryption/decryption happens, and the "store" logic is established.
- Spike Pilot — The CLI (Command Line Interface) component.
- Spike Keeper — This is where backups are performed, and fault tolerance is ensured.
How Does the Interaction Work?
There is a digital identity document called SVID (SPIFFE Verifiable Identity Document), typically provided in either X.509 certificate or JWT format. This identity document authenticates and attaches to services for communication. With this standard, we can communicate between services.
What is an SVID?
An SVID is a certificate used within the SPIFFE ecosystem, usually in the form of an X.509 certificate or JWT. It contains:
- Public Key: Used directly for encryption.
- Subject: Identifies the owner of the certificate.
- Issuer: The entity that issued the certificate.
- Validity Period: The date range during which the certificate is valid.
- Alternative Identifiers: Other identifiers for the entity.
This certificate is used in SSL (TLS) encryption.
Zero Trust
I hear this term a lot. Unlike traditional methods, it is a security system with short-lived, automatically redirected (and revoked when necessary) access. Passwords are not shared, and it's not network-based security. As the historian ESG teacher once said, "The hearts are the same, but the wallets are separate."
How Do These Components Communicate?
There are four components involved:
- Application: The app itself.
- SPIKE Pilot: The CLI where administrators can generate secret keys.
- SPIKE Nexus: The central hub for secret keys.
- SPIKE Keepers: Each SPIKE Keeper holds a part of the root key, known as the Shamir Secret Share.
Here’s how the communication works:
- Application: Communicates with SPIKE Nexus over an mTLS connection and retrieves the secret keys. The application can use the SPIKE Developer SDK to avoid manual setup of the mTLS infrastructure.
- SPIKE Pilot: This is the CLI where administrators can generate secret keys. When generating keys, it communicates with SPIKE Nexus over mTLS.
- SPIKE Nexus: The central hub for secret keys.
- SPIKE Keepers: Each SPIKE Keeper holds a part of the root key, known as the Shamir Secret Share. This technique splits the secret key into multiple parts, each of which does not represent the entire key by itself, applying a security technique that makes it impossible to retrieve the whole key with only one part.
Example of Fault Tolerance
Let’s assume SPIKE Nexus and SPIKE Keepers crash and restart simultaneously.
- Root Key Recovery: If the root key is lost, and there aren’t enough Shards (pieces) of the key, recovery might be impossible. However, Shard backups can be used to recover and reconstruct the root key.
Manual Recovery Process:
- Backup Shards: Use previously backed-up Shards to start the recovery process.
- SPIKE Pilot Tool: The operator provides the shards, which are sent to SPIKE Nexus.
- Shard Restore: The system confirms that the shards are successfully restored and tracks the progress.
- Reconstruction of Root Key: Once enough shards are restored, the root key is reconstructed.
What is mTLS?
I mentioned mTLS (Mutual TLS) extensively above. It’s essentially “mutual” communication, where both sides use digital certificates, making it more secure than regular TLS.
Advantages of mTLS:
- Mutual Authentication: Both parties authenticate each other.
- Stronger Security: Unlike traditional methods, it verifies identities from both ends of the connection.