undefined | Better HN

0 pointsXylakant1y ago0 comments

An attacker gaining temporary capability to encrypt/decrypt data through a compromised instance is painful. An attacker gaining a copy of a private key is still an entirely different world of pain.

0 comments

evantbyrne1y ago

Painful is an understatement. Keys for sensitive customer data should be derived from customer secrets either way. Almost nobody does that though, because it requires actual forethought. Instead they just slap secrets in KMS and pretend it's better than encrypted environment variables or other secrets services. If an attacker can read your secrets with the same level of penetration into your system, then it's all the same security wise.

XylakantOP1y ago

There are many kinds of secrets that are used for purposes where they cannot be derived from customer secrets, and those still need to be secured. TLS private keys for example.

I do disagree on the second part - there’s a world of a difference whether an attacker obtains a copy of your certificates private key and can impersonate you quietly or whether they gain the capability to perform signing operations on your behalf temporarily while they maintain access to a compromised instance.

evantbyrne1y ago

It's all unencrypted secrets from perspective of an attacker. If they somehow already have enough access to read your environment variables, then they can definitely access secrets manager records authorized for that service. By all means put secrets management in a secondary service to prevent leaking keys, but you don't need a cloud service to do that.

fireflash381y ago

It's the same pain, since the resolution is the exact same. You have to rotate.

j / k navigate · click thread line to collapse

0 comments

evantbyrne1y ago

XylakantOP1y ago

There are many kinds of secrets that are used for purposes where they cannot be derived from customer secrets, and those still need to be secured. TLS private keys for example.

evantbyrne1y ago

fireflash381y ago

It's the same pain, since the resolution is the exact same. You have to rotate.

j / k navigate · click thread line to collapse