Are secrets hidden from admins too - ?

[lejeczek]

On 16/08/2021 10:32, Martin Kletzander wrote:
> On Mon, Aug 09, 2021 at 11:48:11AM +0100, lejeczek wrote:
>> Hi guys.
>>
>> On a remote & "shared" systems - are private secrets
>> completely 100% safe? Can root get to those?
>> (naturally excluding hacking of unknown bugs & exploits and
>> theories such as "no computer system is ultimately safe")
>>
>
> Well, the secret needs to be kept somewhere.  The most 
> secure you can
> get with secrets is the ephemeral ones, but those still 
> need to be kept
> in memory.  You could encrypt them, but then you would 
> need to provide
> the decryption passphrase or key when you want to use them 
> and that
> would be like providing the secret itself anyway.  Even 
> thought there
> are some limitations to unlimited memory access in Linux 
> when someone
> has root access you have to assume they have access to 
> what the system
> has access too.
>
yes, my bad I was not clear on that - yes private & ephemeral.
Those 'secrets' virsh says cannot "get" back to me, even to 
me root, so that's good. So here, I wonder', if there is a 
technique which a malicious root could use to a secret.

> The best you can do to mitigate that is using something 
> like Intel SGX,
> AMD SEV and such like.  There is Launch Security [0] in 
> libvirt, but I
> think it only supports SEV and something on s390.  But I 
> do not have any
> experience with those.
>
> [0] https://libvirt.org/formatdomain.html#id113
>
"Launch Security" - I was not even aware of. Busy with admin 
stuff and not checking changelogs, bad me again. Thanks for 
that.

>> And if answer is yes then - do you have any best practices
>> for storing & managing of those secrets?
>>
>> many thanks, L.
>>