undefined | Better HN

0 pointspjmlp5d ago0 comments

As do almost every microservice out there, by storing credentials in environment variables, an exploit that manages to read container's memory is enough.

I keep looking for frameworks that do it the right way, holding critical data encrypted all time, but it isn't a thing most people worry about.

0 comments

kenniskrag5d ago

What's the threat model. Where do you store the decryption key?

E.g. if my app needs a db connection I can ask a vault service but I need creds for that. The vault service can rotate the creds very fast but is it addition security.

pjmlpOP5d ago

The treat model is that your container gets owned.

The password should only exist in the process memory for the few lines of code to open that database connection, and then wiped after you got the handle.

Ideally, homomorphic encryption should be used instead.

https://en.wikipedia.org/wiki/Homomorphic_encryption

zbentley4d ago

> What's the threat model

Malicious code can read some/all memory in your container, but not necessarily execute. Plenty of such vulns exist.

> Where do you store the decryption key?

Not in memory. Either nowhere after use, on the filesystem, or otherwise accessible on-demand by performing IO.

j / k navigate · click thread line to collapse