# Secret Propagation

Secrets are pieces of data which are not (necessarily) shared amongst all hosts
in a network. There are three classes of secrets:

* Secrets which are particular to a single host, and will never leave that host.
  These values are not managed using the secrets manager, but rather are kept in
  the bootstrap.

* Secrets which only a subset of hosts have. These secrets may be propagated to
  other hosts, either automatically or by request of a user.

* Secrets which all hosts have. These are not really "secrets" from the
  network's perspective, but are convenient to manage as such.

Secret propagation covers the last two cases. Secrets to be propagated are
placed in a known sub-directory in the global bucket, destined either for a
single host or for all hosts. When destined for a single host they are encrypted
using that host's public encryption key.

The known sub-directory is `/secrets`.

Secrets destined for all hosts are placed within that directory as-is, named for
the ID, in plaintext. These are never deleted, even though new hosts will be
given them as part of their initial bootstrap.

Secrets destined for a particular host are placed under `/secrets/<hostname>`,
named after the ID, encrypted using the destination host's public encryption
key. Once the destination host grabs a secret it will be deleted.
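The following Go program is an added example that is not part of this design note or the project's own code. It models both halves of the scheme described above: a publisher writes a global secret to `/secrets/<id>` in plaintext and a per-host secret to `/secrets/<hostname>/<id>` encrypted to that host's public key, and the host then fetches, decrypts and deletes only its own objects while global objects stay put. The in-memory `Bucket`, the use of RSA-OAEP/SHA-256 as the host encryption primitive, and the sample hostnames and values are all assumptions made for the example; the note does not specify the storage backend or the cipher.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"path"
	"sort"
	"strings"
)

// Bucket is an in-memory stand-in for the global bucket (constructed for this
// example; a real deployment would back it with object storage).
type Bucket struct{ objects map[string][]byte }

func NewBucket() *Bucket { return &Bucket{objects: map[string][]byte{}} }

func (b *Bucket) Put(key string, data []byte)   { b.objects[key] = data }
func (b *Bucket) Delete(key string)             { delete(b.objects, key) }
func (b *Bucket) Get(key string) ([]byte, bool) { d, ok := b.objects[key]; return d, ok }

// List returns the sorted object keys that start with prefix.
func (b *Bucket) List(prefix string) []string {
	var keys []string
	for k := range b.objects {
		if strings.HasPrefix(k, prefix) {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	return keys
}

// SecretsDir is the known sub-directory named in the design note.
const SecretsDir = "/secrets"

// PublishGlobalSecret stores a secret for all hosts at /secrets/<id> in
// plaintext. Nothing in this example ever deletes these objects.
func PublishGlobalSecret(b *Bucket, id string, value []byte) string {
	key := path.Join(SecretsDir, id)
	b.Put(key, value)
	return key
}

// PublishHostSecret encrypts value to hostPub and stores it at
// /secrets/<hostname>/<id>. RSA-OAEP is an assumption of this example; the
// OAEP label binds the ciphertext to its bucket path, so an object copied into
// another host's directory will not decrypt there. OAEP caps the payload
// (190 bytes with a 2048-bit key and SHA-256); larger secrets would need a
// hybrid scheme (random symmetric key wrapped with RSA).
func PublishHostSecret(b *Bucket, hostname, id string, value []byte, hostPub *rsa.PublicKey) (string, error) {
	key := path.Join(SecretsDir, hostname, id)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, hostPub, value, []byte(key))
	if err != nil {
		return "", fmt.Errorf("encrypt %s: %w", key, err)
	}
	b.Put(key, ct)
	return key, nil
}

// FetchHostSecrets is the consumer side: the host decrypts every object under
// its own sub-directory and deletes each one only after a successful read.
// An object that fails to decrypt is left in place and the error is returned.
func FetchHostSecrets(b *Bucket, hostname string, priv *rsa.PrivateKey) (map[string][]byte, error) {
	out := map[string][]byte{}
	prefix := path.Join(SecretsDir, hostname) + "/"
	for _, key := range b.List(prefix) {
		ct, _ := b.Get(key)
		pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte(key))
		if err != nil {
			return out, fmt.Errorf("decrypt %s: %w", key, err)
		}
		out[strings.TrimPrefix(key, prefix)] = pt
		b.Delete(key) // grabbed, so remove it from the bucket
	}
	return out, nil
}

// FetchGlobalSecrets returns the plaintext secrets directly under /secrets,
// skipping host sub-directories. Nothing is deleted.
func FetchGlobalSecrets(b *Bucket) map[string][]byte {
	out := map[string][]byte{}
	prefix := SecretsDir + "/"
	for _, key := range b.List(prefix) {
		id := strings.TrimPrefix(key, prefix)
		if strings.Contains(id, "/") {
			continue // per-host object, not a global one
		}
		v, _ := b.Get(key)
		out[id] = v
	}
	return out
}

func main() {
	b := NewBucket()
	hostKey, err := rsa.GenerateKey(rand.Reader, 2048) // host's own keypair (constructed)
	if err != nil {
		panic(err)
	}
	PublishGlobalSecret(b, "ca-cert", []byte("constructed CA certificate"))
	if _, err := PublishHostSecret(b, "web-1", "db-password", []byte("constructed-password"), &hostKey.PublicKey); err != nil {
		panic(err)
	}
	got, err := FetchHostSecrets(b, "web-1", hostKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("web-1 received %d host secret(s); %d left under /secrets/web-1/\n", len(got), len(b.List("/secrets/web-1/")))
	fmt.Printf("global secrets still present: %d\n", len(FetchGlobalSecrets(b)))
}
```

The delete-after-read step is what distinguishes the two directories: a host secret disappears once its owner has it, so a later listing of `/secrets/<hostname>/` is also a cheap check that the host actually picked it up, whereas `/secrets/<id>` objects persist for every future bootstrap.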