Many services that run in Docker containers need to have access to highly sensitive secrets—examples include SSL certificates and API keys. Services like Vault and Keywhiz were developed to manage secrets to central authority; however, most of these secret management services require a secret to already be present. This presents a bootstrapping problem. To solve this, CloudFlare created PAL, a new tool for bootstrapping secrets in Docker containers.
PAL (permissive action link—named after a tool used to prevent unauthorized detonation of nuclear devices) works by binding identity secrets to Docker containers and decrypting them at launch time through a service running on the host. Permissions require M of N authorization and are handled through a service called Red October. This allows you to simply and transparently bootstrap service-specific secrets.
Nick Sullivan describes the design and implementation of this service and explains how CloudFlare uses it to protect secrets for its billing platform and private key infrastructure. Nick concludes by exploring CloudFlare’s plans to use PAL for service-to-service authorization.
Nick Sullivan is a leading cryptography and security technologist. He currently works on cryptographic products and strategy for CloudFlare. Previously, Nick held the prestigious title mathemagician at Apple, where he encrypted books, songs, movies, and other varieties of mass media.
©2016, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org