Secret and encryption management subsystem


1. Overview

The Secret and encryption management subsystem stores sensitive data and controls access to tokens, passwords, certificates, and encryption keys for the Platform and registries.

2. Subsystem functions

  • Storing tokens, passwords, and certificates

  • Provisioning encryption keys to the Registry regulations modeling subsystem

  • Access control to the sensitive data stored in the subsystem

3. Subsystem technical design

[Diagram: secret management.drawio]

The Secret and encryption management subsystem comprises the HashiCorp Vault secret and encryption management service.

The Vault server always starts in a sealed state and cannot decrypt the data stored in it. Before any Vault operation can be executed, the server must be unsealed by obtaining the main key, which is required to decrypt the encryption key. See Seal/Unseal for more information.

In the Platform, HashiCorp Vault is unsealed automatically using the Secret and encryption management service of the Platform service subsystem, which acts as the Transit engine. See the detailed information on auto-unseal with a transit engine.
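As an added illustration (not configuration taken from the Platform's repositories), the two configuration pieces that auto-unseal with a transit engine requires: on the transit (unsealing) Vault, a policy restricted to encrypt/decrypt with one dedicated key, and on the sealed Vault, the seal stanza that references it. The key name, mount path and service address are assumptions.

```hcl
# --- File 1: policy on the transit (unsealing) Vault ---
# Attached to the token that the sealed Vault presents. It grants only
# encrypt/decrypt on the dedicated key, so the token cannot read, export,
# rotate or delete keys; leaking it does not leak the unsealing key itself.
# Key name "autounseal" and mount "transit/" are assumptions.
path "transit/encrypt/autounseal" {
  capabilities = ["update"]
}
path "transit/decrypt/autounseal" {
  capabilities = ["update"]
}

# --- File 2: seal stanza in the sealed Vault's server configuration ---
# On startup Vault sends its encrypted root key to the transit Vault for
# decryption instead of waiting for operators to enter unseal key shares.
# The address is an assumption; the token is supplied through the
# environment rather than written into the file, and TLS verification
# stays enabled so the unseal traffic cannot be intercepted.
seal "transit" {
  address         = "https://vault-transit.user-management.svc:8200"
  key_name        = "autounseal"
  mount_path      = "transit/"
  disable_renewal = "false"
  tls_skip_verify = "false"
}
```

If the transit Vault is unavailable at startup, the sealed Vault simply stays sealed, so the availability of the transit service should be monitored as part of the unseal path.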

4. Subsystem components

Component name: Secret and encryption management service
Namespace: user-management
Deployment: hashicorp-vault
Source: 3rd-party
Repository: github:/epam/edp-ddm-platform-vault
Function: The instrument for secure secret management and critical data access protection in computing environments.

Component name: Certificate management service
Namespace: cert-manager
Deployment: cert-manager
Source: 3rd-party
Repository: gerrit:/mdtu-ddm/infrastructure/service-mesh
Function: The instrument for managing certificates and certificate issuers as resource types in Kubernetes and OKD clusters.

5. Technology stack

The following technologies were used in subsystem design and development:

6. Subsystem quality attributes

6.1. Security

The subsystem uses strong encryption algorithms to store critical data and implements reliable access control.

6.2. Scalability

The subsystem is developed with horizontal and vertical scaling in mind, which allows it to respond to growing workloads. The subsystem's ability to scale is provided by the container orchestration platform.

See detailed info in the following document: Container orchestration platform

6.3. Observability

The subsystem keeps detailed logs of authentication attempts, secret retrievals, and other operations, thereby complying with the regulatory requirements.

Additionally, the user and role management subsystem supports logging of incoming requests, collection of performance metrics, and their subsequent analysis via the web interfaces of the corresponding Platform subsystems.

See detailed info in the following documents: