Menu
Cryptography is a widely adopted techonlogy to ensure confidentiality. Not considering implementation flaws, it has a single critical point: the secret key storage. If the secret key is stolen, the whole system will be compromised.
EDIT :
let me specify the context to make the question less broad:
Maybe the questions can be focused on this scenario but, as pointed out, the problem of the secret key storage is transversal to the adopted technologies. However some libraries might offer peculiar features that can somehow facilitate the work. A clear point is that a tradeoff has to be found between security and the need to do practical things. To complete the analysis it is obvious that the required security level depends on the value of information to secure. It is senseless to flip our minds to enforce super-secure strategies (demanding a very lot of efforts) to keep secret the shoe size of a customer.
Here, I have to secure an email password (that will be stored in a db). I consider this information average critical.
What I'm looking for here, is the best solution with reasonable effort.
So the question is very clear: where would you store this information?
.war package? How do you prevent unauthorized accesses to the sources?motivations for your strategy will be appreciated. thank you
766
The best place to store an API key is in a secrets manager.
A CA's private key should be stored in hardware-based protection, such as a Hardware Security Module (HSM). This provides tamper-resistant secure storage. A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token.
Most of your application secrets would be different for different environments and it is better to keep them in cloud. You can have environment specific secret managers in cloud and your CI/CD tool does not even need to handle different environments differently.
I take the liberty to write an answer even if this doesn't have anything to do with a Java Web Application: I think the problem exists in only minor variance with all platforms.
Basically there are 3 candidates for key storage, the first 2 of which you mentioned:
You already put your finger on the weak points of the first 2, so no need to repeat, I fully agree.
This is also the motivation for me to use the third candidate. The reasoning is this:
65
No matter what you always need to store somewhere the secret key. Even if you decide (which is silly) that you provide key manually, then the key resides in memory and someone can find it.
Where you store it depends on your choice. However it should not be in plain text. So if you store a key in database, then use hard-coded secondary key in application. So if intruder has only access to db, then the encrypted main key is protected.
I would go for application configuration to store secondary key in container. That way only your application will have access to this properties. So the attacker will have to take control over your application or container to get access to that key.
So assuming following scenarios:
To make it harder for attacker. You can place file in file system. As described in other answer add appropriate FS permissions to it. But additionally use java Security Manager to restrict access for all java classes except the one that really needs to read it. Also restricting modification to your jar and class files would be a good idea.
The more locks you have the more secure you are. As it is with standard door lock. The locks should be from different vendors and with different mechanisms. But at the end the skilled burglar will get into anyway.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
