<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Most container platforms have a way of <a href="https://docs.docker.com/engine/swarm/secrets/" title="https://docs.docker.com/engine/swarm/secrets/">
passing secrets securely to the container</a>. </div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The app could also leverage a KMS like <a href="https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-node" title="https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-node">
Azure Key Vault</a> or AWS KMS.</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
tim</div>
<div id="appendonsend"></div>
<div style="font-family:Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Openid-specs-fapi &lt;openid-specs-fapi-bounces@lists.openid.net&gt; on behalf of Anders Rundgren via Openid-specs-fapi &lt;openid-specs-fapi@lists.openid.net&gt;<br>
<b>Sent:</b> Wednesday, October 6, 2021 01:35<br>
<b>To:</b> Financial API Working Group List &lt;Openid-specs-fapi@lists.openid.net&gt;<br>
<b>Cc:</b> Anders Rundgren &lt;anders.rundgren.net@gmail.com&gt;<br>
<b>Subject:</b> [Openid-specs-fapi] Securing server keys</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText">Hi List;<br>
This is an off-topic posting but maybe you guys have an idea about this anyway? :)<br>
There are tons of applications out there that depend on private or secret keys for securing server-to-server communication.<br>
<br>
This is a typical configuration:<br>
<br>
// Application certificate<br>
cert: fs.readFileSync('cert.crt'),<br>
// Private key associated with application certificate<br>
key: fs.readFileSync('key.pem'),<br>
// Public certificate chain.<br>
ca: fs.readFileSync('ca.pem'),<br>
<br>
Open question: How do you envision that this problem could be addressed?<br>
<br>
thanx,<br>
Anders<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Openid-specs-fapi mailing list<br>
Openid-specs-fapi@lists.openid.net<br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-fapi">http://lists.openid.net/mailman/listinfo/openid-specs-fapi</a><br>
</div>
</span></font></div>
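<div>The reply at the top of this thread points to platform-mounted secrets as an alternative to key files shipped with the application. The following is an added example, not code from either poster: a Node.js loader that reads the same three files from a secrets mount and refuses a private key that group or others can access. The helper names, the /run/secrets default (where Docker Swarm mounts secrets) and the requirement that the secret is granted with mode 0400 are assumptions; the key and certificate files are constructed sample input.</div>
<pre>
```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

// Hypothetical helper (not from the thread). Assumes the platform mounts the
// secrets under the file names used in the original snippet, for example in
// /run/secrets with Docker Swarm, and grants the key with mode 0400.
function loadTlsOptions(dir = '/run/secrets') {
  const keyPath = path.join(dir, 'key.pem');
  const st = fs.statSync(keyPath);
  // Refuse a key that group or others can read or write (POSIX mode bits).
  if ((st.mode & 0o077) !== 0) {
    const mode = (st.mode & 0o777).toString(8);
    throw new Error(keyPath + ': mode ' + mode + ' is too permissive');
  }
  const key = fs.readFileSync(keyPath);
  crypto.createPrivateKey(key); // throws at startup if this is not a usable private key
  return {
    cert: fs.readFileSync(path.join(dir, 'cert.crt')),
    key,
    ca: fs.readFileSync(path.join(dir, 'ca.pem')),
  };
}

// Constructed sample input: a throwaway key and placeholder certificate files
// in a temporary directory that stands in for the secrets mount.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'secrets-'));
  const keyFile = path.join(dir, 'key.pem');
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const pem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  fs.writeFileSync(keyFile, pem, { mode: 0o400 });
  fs.writeFileSync(path.join(dir, 'cert.crt'), 'placeholder certificate\n');
  fs.writeFileSync(path.join(dir, 'ca.pem'), 'placeholder chain\n');
  const result = { loaded: loadTlsOptions(dir).key.equals(Buffer.from(pem)), rejected: false };
  fs.chmodSync(keyFile, 0o644); // simulate a key left world-readable
  try {
    loadTlsOptions(dir);
  } catch (e) {
    result.rejected = /too permissive/.test(e.message);
  }
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}

console.log(demo());
```
</pre>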
</body>
</html>