Ignat is a systems engineer at Cloudflare working mostly on platform and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division. His solutions may be found in many older Samsung smartphones and tablets.
Operating a large cluster, a datacenter or a distributed network involves dealing with a lot of secrets on your hardware. In almost any setup you have to deal with at least four types of secrets for each piece of hardware: an SSH server key (or shell access key), a key to bootstrap your configuration management system, a disk encryption key and perhaps some per-server credentials to access other services. Also, most of the time these keys have to be set up before your configuration management kicks in, so automating this process may be hard. Security-wise, it is important to control where and when those secrets are generated. Often, keys are generated by startup scripts. However, during initial boot (especially on diskless systems) the system's random number generator may have very little entropy, so keys generated at that point may end up being statistically weak. Once you have your keys, you need to store them somewhere securely. An encrypted disk is a great solution, but guess what? You need a key to access an encrypted disk, so there is a chicken-and-egg problem. Also, where do you store keys for diskless systems? This talk shows how a simple combination of hardware support and a little cryptography can deal with the above issues and unify and simplify secret management for your hardware fleet.
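The abstract does not say which construction the talk uses, so the following is an added illustration rather than the speaker's design: it shows one way "a little cryptography" can collapse the four per-server secrets listed above into a single root secret that has to be provisioned and protected. The assumption is that each machine holds one well-seeded root secret (for example, released by a hardware component once the machine is identified); everything else is derived from it with HKDF (RFC 5869, built here from the standard library's hmac and hashlib) under distinct labels, so the startup script never has to generate keys from a cold, entropy-starved RNG and never has to store more than one secret. The labels, the server identifier and the 32-byte minimum are illustrative choices, not anything the page specifies.

```python
import hmac
import hashlib

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


# Hypothetical domain-separation labels, one per secret type from the text.
# Each secret type gets its own label so that leaking one derived key says
# nothing about the others.
SECRET_LABELS = {
    "ssh_host_key_seed": b"fleet/v1/ssh-host-key-seed",
    "config_mgmt_bootstrap": b"fleet/v1/config-mgmt-bootstrap",
    "disk_encryption_key": b"fleet/v1/disk-encryption-key",
    "service_credential": b"fleet/v1/service-credential",
}

MIN_ROOT_SECRET_LEN = 32  # assumption: insist on 256 bits of provisioned entropy


def derive_server_secrets(root_secret: bytes, server_id: str) -> dict:
    """Derive all per-server secrets from one root secret.

    The quality of every derived key is bounded by the quality of
    root_secret, which is why the check below refuses short inputs: the
    point is to generate entropy once, somewhere trustworthy, rather than
    in a startup script on a freshly booted diskless box.
    """
    if len(root_secret) < MIN_ROOT_SECRET_LEN:
        raise ValueError("root secret too short; provision it from a proper source")
    # Binding the server identity into the salt keeps two machines that were
    # (wrongly) provisioned with the same root secret from sharing keys.
    prk = hkdf_extract(server_id.encode("utf-8"), root_secret)
    return {
        name: hkdf_expand(prk, label, 32)
        for name, label in SECRET_LABELS.items()
    }


if __name__ == "__main__":
    # Constructed sample input: in practice this would come from hardware,
    # not from a literal in a script.
    sample_root = bytes(range(32))
    for name, key in derive_server_secrets(sample_root, "srv-0042").items():
        print(f"{name}: {key.hex()}")
```

Because the derivation is deterministic, a machine that can recover its root secret after a reboot can regenerate its disk key, SSH host key seed and bootstrap credential without storing any of them, which is the property that removes the chicken-and-egg problem for the encrypted disk; the remaining question, which the talk addresses and this snippet does not, is how the root secret itself is protected and released by the hardware.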