What are some of the common approaches used to store and use secrets so as to not include passwords and user IDs inline in code or data within the Losant platform?
I am currently testing storing USERID and PASSWORD in the GEA container but a function node can still call the GEA to pull the password stored within the container.
I have ideated and experimented with using Azure KeyVault or an AWS/GCP equivalent for storing secrets.
Goal: Secure device password/userID within the Losant platform.
Question: What does Losant recommend? What have other customers used to secure device secrets?
THANK YOU
Hey @CyberJMC66!
As of right now, the most common place to store credentials, and the one we generally recommend, is within Application Globals. If the credentials are per-device, then Device Tags are used.
For the cloud, we are releasing a first-class credential storage system very soon. These credentials, once provided, can never be directly viewed or accessed again by any Losant user. They are tied to specific cloud services and can only be used to authenticate against those services. These credentials also have a second layer of encryption within our database. This means even if our backups, which are also encrypted, are ever exposed, the credentials within those backups remain encrypted.
For the edge, things get far more complicated. For the workflow process to access the credentials, they must be stored somewhere. As you’ve noted, if the workflow process can access them in any way, a Function Node will also be able to access them.
We have explored third-party credential storage systems, but a similar problem arises. There must be an access key persisted somewhere to request tokens from the service. A TPM can protect the key from the outside, but the workflow process will eventually require the unencrypted key, so any workflow developer is likely able to obtain it.
The best recommendation we have is to treat anything you store on a physical device as vulnerable. If someone has physical access to your gateway, it’s nearly impossible to completely secure the data stored on that gateway. For this reason, every gateway should have its own access key/secret for authenticating against Losant’s broker and if you’re accessing third-party services directly from the device, each one should have its own token. This way, if (and when) a device is exploited, the person is only able to masquerade as that device and is unable to obtain or impact anything else.
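To make the per-device key/secret recommendation above concrete, here is an added example that is not Losant's code and not part of the original reply: a small broker-side model in which each gateway is provisioned with its own access key and secret, the broker retains only a salted hash, and a device's credential can only publish to that device's own topic. The `DeviceRegistry` class, the `devices/<id>/state` topic layout and the `reachable_topics` helper are all assumptions made for illustration; the point it shows is that a stolen gateway credential lets an attacker masquerade only as that gateway, and revoking it leaves every other gateway untouched.

```python
# Added example, not Losant's code. Models per-device access key/secret handling on
# the broker side to show how isolating credentials per gateway limits blast radius.
# All identifiers and data are constructed for illustration.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple


@dataclass
class DeviceCredential:
    device_id: str
    salt: bytes
    secret_hash: bytes
    revoked: bool = False


class DeviceRegistry:
    """Per-device credential store. The plaintext secret is returned exactly once at
    provisioning time (to be placed on the gateway); the broker keeps only a hash."""

    def __init__(self) -> None:
        self._by_key: Dict[str, DeviceCredential] = {}

    @staticmethod
    def _hash(secret: str, salt: bytes) -> bytes:
        # Salted PBKDF2 so a leaked broker database does not yield usable secrets.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

    def provision(self, device_id: str) -> Tuple[str, str]:
        """Issue a unique access key and secret for one gateway."""
        access_key = f"{device_id}-{secrets.token_hex(8)}"
        secret = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self._by_key[access_key] = DeviceCredential(device_id, salt, self._hash(secret, salt))
        return access_key, secret

    def authenticate(self, access_key: str, secret: str) -> Optional[str]:
        """Return the device id bound to this key/secret pair, or None."""
        cred = self._by_key.get(access_key)
        if cred is None or cred.revoked:
            return None
        if hmac.compare_digest(self._hash(secret, cred.salt), cred.secret_hash):
            return cred.device_id
        return None

    def revoke(self, access_key: str) -> None:
        """Cut off one compromised gateway without touching any other device."""
        cred = self._by_key.get(access_key)
        if cred is not None:
            cred.revoked = True


def state_topic(device_id: str) -> str:
    # Assumed topic layout: each device reports only to its own state topic.
    return f"devices/{device_id}/state"


def authorize_publish(authenticated_device_id: str, topic: str) -> bool:
    """Broker ACL: a credential may publish only to the topic of the device it was
    issued for, never to another device's topic."""
    return topic == state_topic(authenticated_device_id)


def reachable_topics(registry: DeviceRegistry, access_key: str, secret: str,
                     all_device_ids: Iterable[str]) -> Set[str]:
    """Blast-radius check: which device state topics can this credential publish to?
    For a valid, unrevoked credential the answer is exactly one topic."""
    device_id = registry.authenticate(access_key, secret)
    if device_id is None:
        return set()
    return {state_topic(d) for d in all_device_ids
            if authorize_publish(device_id, state_topic(d))}


if __name__ == "__main__":
    registry = DeviceRegistry()
    fleet = ["gw-1", "gw-2", "gw-3"]
    creds = {d: registry.provision(d) for d in fleet}
    # A credential lifted from gw-1 reaches only gw-1's topic.
    print(reachable_topics(registry, *creds["gw-1"], fleet))
    registry.revoke(creds["gw-1"][0])
    print(reachable_topics(registry, *creds["gw-1"], fleet))   # empty after revocation
    print(reachable_topics(registry, *creds["gw-2"], fleet))   # gw-2 unaffected
```

Run as a script, this prints the single topic reachable with gw-1's credential, an empty set once that credential is revoked, and gw-2's topic still reachable with gw-2's own credential. The same shape applies to per-device tokens for third-party services: issue one token per gateway, scope it to that gateway's resources, and revoke individually.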