<div dir="auto">All containers have a secret store accessible through a custom API or environment variables.<div dir="auto"><br></div><div dir="auto">To deliver those keys to nginx, Apache, etc., the usual method is to mount an encrypted ephemeral FS device and write files into it at bootup.</div><div dir="auto"><br></div><div dir="auto">F</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 6 Oct 2021, 06:35 Anders Rundgren via Openid-specs-fapi, &lt;<a href="mailto:openid-specs-fapi@lists.openid.net">openid-specs-fapi@lists.openid.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi List;<br>
This is an off-topic posting but maybe you guys have an idea about this anyway? :)<br>
There are tons of applications out there that depend on private or secret keys for securing server-to-server communication.<br>
<br>
This is a typical configuration:<br>
<br>
// Application certificate<br>
cert: fs.readFileSync('cert.crt'),<br>
// Private key associated with application certificate<br>
key: fs.readFileSync('key.pem'),<br>
// Public certificate chain.<br>
ca: fs.readFileSync('ca.pem'),<br>
<br>
Open question: How do you envision that this problem could be addressed?<br>
<br>
thanx,<br>
Anders<br>
</blockquote></div>
<br>
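<div dir="auto">The environment-variable delivery mentioned in the reply, applied to the Node.js configuration in the quoted question, as an added example that is not part of either message. The variable names TLS_KEY, TLS_CERT and TLS_CA and both function names are assumptions; the key and certificate text are constructed sample input.</div>

```javascript
// Added example. TLS_KEY / TLS_CERT / TLS_CA are assumed variable names.
const { createPrivateKey, generateKeyPairSync } = require('node:crypto');

const PEM_RE = /-----BEGIN ([A-Z ]+)-----[\s\S]+?-----END \1-----/;

// Accept literal PEM or base64-wrapped PEM (useful when the secret store
// cannot carry newlines inside an environment variable).
function decodePem(name, value) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`${name} is not set`);
  }
  const text = value.includes('-----BEGIN')
    ? value
    : Buffer.from(value, 'base64').toString('utf8');
  if (!PEM_RE.test(text)) {
    throw new Error(`${name} does not contain PEM data`);
  }
  return text;
}

// Build the { key, cert, ca } options from the environment instead of files.
function tlsOptionsFromEnv(env = process.env) {
  const key = decodePem('TLS_KEY', env.TLS_KEY);
  createPrivateKey(key); // throws if this is not a parseable private key
  const options = {
    key,
    cert: decodePem('TLS_CERT', env.TLS_CERT),
    ca: decodePem('TLS_CA', env.TLS_CA),
  };
  // Drop the secret so child processes and env dumps no longer expose it.
  delete env.TLS_KEY;
  return options;
}

// Constructed sample input: a throwaway key and placeholder certificate text.
function sampleEnv() {
  const { privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const keyPem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const placeholderCert =
    '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n';
  return {
    TLS_KEY: Buffer.from(keyPem).toString('base64'),
    TLS_CERT: placeholderCert,
    TLS_CA: placeholderCert,
  };
}
```

<div dir="auto">The returned object has the same shape as the cert/key/ca fragment in the question, so it can be passed wherever those file reads were used.</div>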