Original link: https://dorole.com/2202/
Taking advantage of the suspected leak of the Shanghai Public Security database, we will sort out how to ensure the security of the keys in the project. Keys mostly refer to Key-Value key-value pairs, public and private keys, Tokens, etc., from hard-coding in early codes, to hard-coding of configuration files, and then to the birth of various configuration centers, such as Ctrip Apollo or HashiCorp Vault. In the continuous evolution, the security and flexibility are also greatly improved.
Hardcoding era : The key control will be completely determined by the developer. Once the code is leaked, the key will also be leaked. Even if the leak is not the source code, but the compiled Class file, Jar, War package, etc. can be easily decompiled Obtaining the source code is the most unreliable solution. It should be absolutely prohibited in actual projects, and Checkmarx SAST detection alarms should be added to the CI process to avoid leakage caused by negligence. The configuration file can only store the configuration used for testing, such as the user password for connecting to the local database, which can be dynamically replaced in the CI process. In this way, the key can be managed by the operation and maintenance personnel and completely isolated from the developer.
The era of microservices : With the increase of configuration items, after the separation of management responsibilities, a series of problems such as how to store, update, authorize, and manage keys are also born. Ctrip Apollo is a better solution and is currently the choice for most domestic projects. Its own stability and flexibility are still well done, with a good Web UI, and the integration with Spring Boot is also very simple.
Cloud native era : With the addition of Kubernetes, DevOps has undergone major changes. For containers, it is recommended to use Secret and ConfigMap to store keys and key-value pairs. At the same time, the addition of many roles, how to store keys safely, use keys safely, and better integrate with the basic platform, put forward higher requirements for key management. HashiCorp Vault is the best choice. Through a complex encryption mechanism, confidential information can be securely stored on the public cloud. In the CD process, the key is pulled and mounted to the container for use. For services, it can be done To full transparency, the disadvantage is that it cannot be changed in real time.
Of course, in addition to the need to properly keep the keys, the effective isolation of the environment is the last barrier. In the face of endless data leakage incidents, whether intentional or unintentional, hacking, perhaps you should consider whether it is necessary to collect and store them? Could a decentralized internet architecture be the way of the future?
This article is reprinted from: https://dorole.com/2202/
This site is for inclusion only, and the copyright belongs to the original author.