Imagine two key nodes A and B have synced a particular vault. Now A wants to update/add secrets and does not want those secrets to be shared. Since the vault key for this vault is still the same, if B manages to somehow get the encrypted, updated version of the vault, it will be able to decrypt it. We need to avoid this issue.
This can be done by never sharing the vault key. There is no need. A vault key should only be used for encryption of secrets at rest for a particular keynode and only that keynode. This means each keynode will maintain its own private vault key (still symmetric) for each vault.
But how will a keynode be able to decrypt the vault on synchronisation? It won't. We are using git for transmission occurring in the upper dir, which is sandboxed and secure. The transmission channel itself is secure using TLS. The vault is now in the recipient's upper dir, once again secure. So at no point during the transmission of the decrypted vault from upper dir to upper dir is the security violated. Once in the upper dir, the recipient can encrypt it with its own vault key and persist it.
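
The scheme described above, sketched as an added example that is not part of the original issue or the project's code: each node encrypts at rest under a key it never exports, and a sync hands over plaintext for the recipient to re-encrypt. The `KeyNode` class, its method names, and the choice of AES-256-GCM are assumptions (the issue only says the key is symmetric), and the in-process `syncTo` call stands in for the git transfer over TLS.

```javascript
const crypto = require('node:crypto');

// Hypothetical keynode model: the vault key is generated locally and never exported.
class KeyNode {
  #vaultKey = crypto.randomBytes(32); // private symmetric key, one per vault per node
  constructor(name) {
    this.name = name;
    this.atRest = null; // { iv, tag, data } as persisted on disk
  }
  // Encrypt the plaintext vault (contents of the upper dir) and persist it.
  persist(plaintext) {
    const iv = crypto.randomBytes(12); // fresh nonce for every write
    const cipher = crypto.createCipheriv('aes-256-gcm', this.#vaultKey, iv);
    const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    this.atRest = { iv, tag: cipher.getAuthTag(), data };
  }
  // Decrypt an at-rest blob with this node's own key; throws if the key does not match.
  open(blob = this.atRest) {
    const d = crypto.createDecipheriv('aes-256-gcm', this.#vaultKey, blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.data), d.final()]).toString('utf8');
  }
  // Stand-in for the git transfer over TLS: plaintext goes upper dir to upper dir,
  // then the recipient encrypts it under its own key.
  syncTo(peer) {
    peer.persist(this.open());
  }
}

function demo() {
  const a = new KeyNode('A');
  const b = new KeyNode('B');
  a.persist('db_password=constructed-sample-1'); // constructed sample secret
  a.syncTo(b); // B now holds the vault under B's own key
  const bCopy = b.open();
  // A adds a secret it does not want to share and persists again.
  a.persist('db_password=constructed-sample-1\napi_token=constructed-sample-2');
  let leaked = true;
  try {
    b.open(a.atRest); // B somehow obtains A's updated ciphertext
  } catch (err) {
    leaked = false; // GCM tag verification fails under B's key
  }
  return { bCopy, leaked, bStillOld: b.open() === bCopy };
}
```
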