[Openid-specs-fapi] Securing server keys
Freddi Gyara
freddi at ozoneapi.com
Wed Oct 6 17:18:24 UTC 2021
All containers have a secret store accessible through a custom API or
environment variables.
To deliver those keys to nginx, Apache, etc., the usual method is to mount
an encrypted ephemeral FS device and write files into it at bootup.
F
On Wed, 6 Oct 2021, 06:35 Anders Rundgren via Openid-specs-fapi, <
openid-specs-fapi at lists.openid.net> wrote:
> Hi List;
> This is an off-topic posting but maybe you guys have an idea about this
> anyway? :)
> There are tons of applications out there that depend on private or secret
> keys for securing server-to-server communication.
>
> This is a typical configuration:
>
> // Application certificate
> cert: fs.readFileSync('cert.crt'),
> // Private key associated with application certificate
> key: fs.readFileSync('key.pem'),
> // Public certificate chain.
> ca: fs.readFileSync('ca.pem'),
>
> Open question: How do you envision that this problem could be addressed?
>
> thanx,
> Anders
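Added example, not part of the original thread or any poster's code: a boot-time step in the style the reply describes, copying PEM material that a secret store exposes as environment variables into files on an ephemeral mount, then loading the quoted configuration from there. The variable names (TLS_CERT_PEM, TLS_KEY_PEM, TLS_CA_PEM), the helper names and the target directory are assumptions; the demo uses a temporary directory in place of a real tmpfs or encrypted mount.

```javascript
// Added example (hypothetical helper). Assumed env var names -> file names from the quoted config.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const SECRET_FILES = { TLS_CERT_PEM: 'cert.crt', TLS_KEY_PEM: 'key.pem', TLS_CA_PEM: 'ca.pem' };

// Write each secret from `env` into `dir` (expected to be an ephemeral mount).
function materializeSecrets(env, dir) {
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  fs.chmodSync(dir, 0o700); // mkdir mode is subject to umask and ignored if dir exists
  const written = {};
  for (const [name, file] of Object.entries(SECRET_FILES)) {
    const pem = env[name];
    if (typeof pem !== 'string' || !/^-----BEGIN [A-Z ]+-----/.test(pem)) {
      throw new Error(`secret ${name} is missing or not PEM`); // fail closed at boot
    }
    const target = path.join(dir, file);
    fs.rmSync(target, { force: true }); // drop a stale file (or symlink) from a previous boot
    // 'wx' creates exclusively: it fails rather than follow a pre-planted symlink
    fs.writeFileSync(target, pem, { flag: 'wx', mode: 0o600 });
    fs.chmodSync(target, 0o600);
    delete env[name]; // keep the key out of the environment child processes inherit
    written[name] = target;
  }
  return written;
}

// The configuration quoted in the thread, reading from the ephemeral directory.
function tlsOptions(dir) {
  return {
    cert: fs.readFileSync(path.join(dir, 'cert.crt')),
    key: fs.readFileSync(path.join(dir, 'key.pem')),
    ca: fs.readFileSync(path.join(dir, 'ca.pem')),
  };
}

// Constructed demo input: placeholder PEM bodies, not real key material.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'secrets-'));
  const env = {
    TLS_CERT_PEM: '-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n',
    TLS_KEY_PEM: '-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n',
    TLS_CA_PEM: '-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CA\n-----END CERTIFICATE-----\n',
  };
  const paths = materializeSecrets(env, dir);
  const keyMode = fs.statSync(paths.TLS_KEY_PEM).mode & 0o777;
  return { dir, env, keyMode, opts: tlsOptions(dir) };
}
```

In a real deployment the first argument would be process.env and the second the mount point of the ephemeral device.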