Are secrets hidden from admins too - ?
lejeczek
peljasz at yahoo.co.uk
Mon Aug 16 18:32:28 UTC 2021
On 16/08/2021 10:32, Martin Kletzander wrote:
> On Mon, Aug 09, 2021 at 11:48:11AM +0100, lejeczek wrote:
>> Hi guys.
>>
>> On a remote & "shared" systems - are private secrets
>> completely 100% safe? Can root get to those?
>> (naturally excluding hacking of unknown bugs & exploits and
>> theories such as "no computer system is ultimately safe")
>>
>
> Well, the secret needs to be kept somewhere. The most
> secure you can
> get with secrets is the ephemeral ones, but those still
> need to be kept
> in memory. You could encrypt them, but then you would
> need to provide
> the decryption passphrase or key when you want to use them
> and that
> would be like providing the secret itself anyway. Even
> thought there
> are some limitations to unlimited memory access in Linux
> when someone
> has root access you have to assume they have access to
> what the system
> has access too.
>
yes, my bad I was not clear on that - yes private & ephemeral.
Those 'secrets' virsh says cannot "get" back to me, even to
me root, so that's good. So here, I wonder', if there is a
technique which a malicious root could use to a secret.
> The best you can do to mitigate that is using something
> like Intel SGX,
> AMD SEV and such like. There is Launch Security [0] in
> libvirt, but I
> think it only supports SEV and something on s390. But I
> do not have any
> experience with those.
>
> [0] https://libvirt.org/formatdomain.html#id113
>
"Launch Security" - I was not even aware of. Busy with admin
stuff and not checking changelogs, bad me again. Thanks for
that.
>> And if answer is yes then - do you have any best practices
>> for storing & managing of those secrets?
>>
>> many thanks, L.
>>
More information about the libvirt-users
mailing list