[Openid-specs-fapi] Securing server keys

Tim Cappalli Tim.Cappalli at microsoft.com
Wed Oct 6 15:17:43 UTC 2021


Most container platforms have a way of passing secrets securely to the container <https://docs.docker.com/engine/swarm/secrets/>.

The app could also leverage a KMS like Azure Key Vault <https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-node> or AWS KMS.

tim

________________________________
From: Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net> on behalf of Anders Rundgren via Openid-specs-fapi <openid-specs-fapi at lists.openid.net>
Sent: Wednesday, October 6, 2021 01:35
To: Financial API Working Group List <Openid-specs-fapi at lists.openid.net>
Cc: Anders Rundgren <anders.rundgren.net at gmail.com>
Subject: [Openid-specs-fapi] Securing server keys

Hi List;
This is an off-topic posting but maybe you guys have an idea about this anyway? :)
There are tons of applications out there that depend on private or secret keys for securing server-to-server communication.

This is a typical configuration:

   // Application certificate
   cert: fs.readFileSync('cert.crt'),
   // Private key associated with application certificate
   key: fs.readFileSync('key.pem'),
   // Public certificate chain.
   ca: fs.readFileSync('ca.pem'),

Open question: How do you envision that this problem could be addressed?

thanx,
Anders



