What is the purpose / benefit of KMS?
- The KMS prevents the leakage of decryption keys, similar to an HSM, but HSMs are expensive and difficult to use. KMSs are inexpensive and easy to use because they have API endpoints.
- KMS shifts the problem of access control to encrypted data from a decryption key management problem (where granular access to impossible access and the ability to revoke it) is replaced by a identity and access management problem (where ACLs can be used to easily manage access, grant granular access, etc. and revoke access.)
- Increased auditability and control of access to encrypted data.
Give me a concrete example of a problem that KMS solves and has the advantage of using KMS:
KMS allows you to securely store encrypted secrets in git, so as to avoid leakage of decryption keys. You can control access to encrypted secrets at a specific level and revoke access without having to modify encrypted files.
What is Cloud KMS? How it works?
KMS is an encryption technique that corrects symmetric, asymmetric and HSM encryption faults. This is the basis of future encryption techniques such as encryption anchors.
Abrupt evolution of cryptography
- Symmetric encryption keys:
- The long password is used for both encryption and decryption.
- Pairs of public-private key of asymmetric encryption:
- The public key encrypts the data, the private key decrypts the encrypted data with the public key.
- HSM (hardware security modules):
- Make sure the private key is not disclosed.
- HSMs are expensive.
- HSMs are not user friendly or automation.
- KMS Cloud (Key Management Services):
- KMS is a trusted service that encrypts and decrypts data on behalf of customers. It essentially allows a user or machine to encrypt and decrypt data using their identity rather than encryption / decryption keys. (A client authenticates with a KMS, which verifies its identity against an ACL .If it has decryption rights, it can send encrypted data in a request to the KMS, which then decrypt them on behalf of the client and send the decrypted data to the client through a secure TLS tunnel.)
- KMS are cheap.
- KMS are exposed via the REST API, which makes them easy to use and automate.
- KMS are extremely secure, they allow to spend a decade without leaving a key decryption.
- The invention of the KMS encryption technique introduced 3 deadly features:
- When responding to a known violation:
Before KMS decryption keys are disclosed: You can not revoke a decryption key, which means that you need to rotate multiple decryption keys, re-encrypt all data with the new keys, and try your best to purge the keys. old encrypted data. While doing all of this, you will have to struggle with management to get permission to cause downtime for multiple production systems, minimize downtime, and even if everything is well done, you may not be able to completely purge old encrypted data, as in the case of git history, and backups.
After KMS, the identity information that has been disclosed is disclosed: the identity information can be revoked, it is useless. The nightmare of re-encrypting the data and purging the old encrypted data disappears. You must always rotate the secrets (identification information as opposed to decryption key), but the act of rotation becomes economical enough to be automated and planned as a preventative.
- The management of encrypted data goes from an impossible task involving distributed decryption keys to a trivial task of managing a centralized access control list. It is now possible to easily revoke, edit and assign granular access to encrypted data; and, as a bonus, since the KMS Cloud, IAM, and SSO federations integrate, you can leverage pre-existing user identities.
- Cryptographic anchoring techniques become possible:
- Network Access Control Lists can be applied to the KMS so that data can only be decrypted in your environment.
- KMS decryption rates can be monitored for a baseline. When an abnormal rate occurs, alerts and a rate limit can be triggered.
- When responding to a known violation:
- KMS decryption keys can be secured by an HSM.
- The leakage possibilities of the decryption keys are practically nil because the clients do not interact directly with the decryption keys.
- Cloud computing providers can afford to hire the best security professionals and implement the costly business processes necessary to keep key systems as secure as possible. Thus, the possibilities of leakage of the main keys are also almost zero.
How to use KMS?
- Mozilla SOPS is a tool that encapsulates / summarizes the KMS, it is ideal for securely storing encrypted secrets in git.
- Helm Secrets Plugin encapsulates Mozilla SOPS to allow you to securely store encrypted Kubernetes yubls in git, and then, when to apply them, the secret values are decrypted transparently at the last minute, just before they happen. pass into a TLS tunnel encrypted directly on kube-apiserver, then Kubernetes can use KMS to encrypt Kubernetes secrets again, so that they are encrypted in a database etcd.
- You can use it with any tool, independent of the cloud, click here to learn more.