Best practice to store secrets?

moritz

What is the best practice to store secrets?

I am looking at the GenerateJWT policy. It says to set a secret key. The document references 'private.secretKey' but I don't understand what 'private' is?

What is best practice to store the secret key?


Not applicable

Best practice is to store the secret in an encrypted KVM. 'private' is used to hide data in the trace.

But in the case of an encrypted KVM, it is mandatory to use 'private' to store the value when doing a get operation.

There are three aspects of storing sensitive data.

- In transit

- At rest

- Developer troubleshooting a production system.

To keep it secret from an internal bad actor that has access to Apigee backend storage, you use an encrypted KVM. To maintain secrecy while your data moves between Apigee components, TLS is used between those components.

There is a third special use case, when for compliance reasons you need to make sure that a system administrator or developer who needs to troubleshoot the proxies cannot see sensitive data (i.e., PII data, credit card numbers, or PKI secrets). This requirement is called Data Masking, and part of the solution is keeping data 'masked' during tracing in debug sessions.

You can create a variable in the context and prefix its name with 'private.'. Defined this way, you will not be able to see its value while tracing requests.

For details, see: https://docs.apigee.com/api-platform/security/data-masking
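As an added example (not from this thread or from the Apigee documentation), here is the pattern the answer describes as two Apigee policies: a KeyValueMapOperations Get that writes the encrypted KVM entry into a 'private.'-prefixed variable, and a GenerateJWT that reads it by reference. The map name 'jwt-secrets', the key 'hmac-key', the policy names and the issuer value are assumed for illustration.

```xml
<!-- Policy 1 (its own policy file): read the HMAC secret from an encrypted KVM.
     With an encrypted map the assignTo variable must start with "private.";
     the prefix keeps the value out of Trace/Debug sessions and out of
     MessageLogging output. Map name and key are assumed for this example. -->
<KeyValueMapOperations name="KVM-Get-JWT-Secret" mapIdentifier="jwt-secrets">
  <Scope>environment</Scope>
  <Get assignTo="private.secretKey">
    <Key>
      <Parameter>hmac-key</Parameter>
    </Key>
  </Get>
</KeyValueMapOperations>

<!-- Policy 2 (its own policy file): sign the token with the secret held in the
     private variable. The key is referenced, never written into the proxy bundle. -->
<GenerateJWT name="JWT-Generate-HS256">
  <Algorithm>HS256</Algorithm>
  <SecretKey>
    <Value ref="private.secretKey"/>
  </SecretKey>
  <Issuer>example-issuer</Issuer>
  <Subject ref="client_id"/>
  <ExpiresIn>1h</ExpiresIn>
  <OutputVariable>jwt-variable</OutputVariable>
</GenerateJWT>
```

Attach the KVM policy before the GenerateJWT policy in the same flow; if the Get is left out, the ref resolves to nothing and the JWT policy fails rather than signing with an empty key.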

The question is to store. How do you justify two more options?

For completeness of the answer, the TS added: "but I don't understand what 'private' is?"

To explain how 'private' works in the context of the whole journey of a piece of sensitive data.

Not applicable

'private' is a prefix for a variable which you don't want to be visible in the trace or logged in the logs.

In an encrypted KVM this term is also used, so that the value extracted from the KVM will not be exposed in the trace.

> 'private' is a prefix for a variable which you don't want to be visible in the trace or logged in the logs.

Can you please elaborate which logs, and how the 'private.' prefix controls that the variable is not visible in those logs?

If you enable the log in debug mode, you normally see the logs in detail; even if you use message logging, that information does not go into the logs.