Amagi – Shielding your secrets using secure local vault

IABM Journal

Mon 01, 07 2024

Sriram Krishnan – Senior Director, Security Engineering, Amagi

Shibly Meeran – Engineering Manager, Security, Amagi

Introduction

Exposure of credentials has emerged as a leading cause of data breaches across organizations. Verizon’s 2023 Data Breach Investigations Report reveals that external actors were involved in 83% of data breaches, with stolen credentials being exploited in 49% of these breaches. Furthermore, such breaches have severe consequences for businesses. According to IBM’s 2023 Cost of a Data Breach Report, stolen or compromised credentials contributed to approximately 15% of data breaches, resulting in losses of $4.62 million.

“Keeping a Secret is Hard!” — a statement applicable to all aspects of life, especially in today’s digital world. In this cloud-native era, organizations encounter challenges in safeguarding secrets due to several factors:

  1. Secrets are scattered across various systems and applications (e.g., Git, CI/CD systems, local machines, and cloud).
  2. Often, these secrets are stored in unencrypted formats in these locations.
  3. There are operational overheads in maintaining secrets, such as the need to rotate passwords in production systems, which may entail application downtime.
  4. Many secret managers/vaults incur significant costs for organizations.
  5. Organisations today may adopt a hybrid-cloud approach, which necessitates managing these secrets across multiple cloud environments. Scaling of these secret manager/vault solutions across the environment proves challenging.

In the current cloud-native landscape, the inadvertent exposure of secrets has become increasingly prevalent, as they are often stored in plain text across diverse environments. Because integrating traditional secrets manager solutions is a difficult process, developers often struggle to safeguard these secrets from source code repositories to the production environments. This article presents the solution Amagi has developed to overcome this challenge.

Context and challenges

Git repositories have become one of the main targets for attackers, as developers may push source code and configuration files with credentials in unencrypted format. This happens for two main reasons. First, integrating a secret manager/vault requires substantial code modifications, which deters developers from adopting one. Second, securing secrets across various systems and applications demands prioritization and effort, which could potentially slow down their progress.

Additionally, repositories housing such secrets are sometimes inadvertently made public. One can argue that if the repositories were private, these unencrypted secrets would be hard to compromise. However, there has been an uptick in supply chain attacks that have led to the compromise of secrets in private Git repositories. To cite an example, the Codecov supply chain attack allowed the threat actors to gain access to private Git repositories and further exploit applications using the obtained credentials.

The ideal solution should address the following requirements:

  1. Ensure that a breach in Git does not lead to compromised secrets
  2. Be developer-friendly, reducing operational overheads by
    1. Enabling seamless integration without significant code changes
    2. Facilitating secure sharing of secrets across different environments
    3. Allowing effortless rotation of secrets as needed
  3. Manage and secure secrets across various environments
  4. Support the auditing of secrets used across systems and applications
  5. Be secure, scalable, and cost-effective

Solution

As an organisation, Amagi encourages the development of and contribution to open-source projects. As part of this initiative, Amagi’s security engineering team set out to develop a secrets manager tool that addresses and goes beyond the three key points mentioned in the previous section: developer-friendliness, secure sharing and management of secrets, and auditing and overall security.

Secure Local Vault (SLV) is a developer-friendly CLI tool that adopts a secure and decentralized approach to store, manage and share secrets right from the code repository across various environments. SLV is a free and open-source solution (https://github.com/amagioss/slv) targeted towards the developer and cybersecurity community to securely manage secrets. In this approach, secrets are stored in an encrypted form in the teams’ GitHub repositories.

For now, here are the main benefits of this approach:

  1. Compromises of Git repositories will not expose secrets as they are encrypted.
  2. A developer-friendly solution that can be used without much hassle:
    1. Command-line-based capabilities provide a simple and workable interface with a set of commands for users to manage secrets.
    2. Secrets are stored and retrieved directly in the repository.
    3. Integration is hassle-free as it is compatible with the following solutions:
      1. Key Management Service (AWS & GCP)
      2. Kubernetes
      3. GitHub Actions
      4. Terraform Provider
  3. Users with access to the repository can write or update secrets but cannot view them.
  4. Auditing secrets is easier, directly from the codebase.
  5. The solution supports an asymmetric key-wrapping technique to protect secret keys.
  6. A quantum-safe algorithm (CRYSTALS-Kyber1024) has been implemented to provide immunity from “harvest now, decrypt later” attacks.
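The two properties above that matter most for a Git-resident vault, that repository access alone lets a user write or update a secret but not read it, and that the per-secret key is protected by asymmetric key wrapping, follow from a standard envelope-encryption pattern. The Go program below is an added illustration written for this article, not SLV’s own code or file format: a secret is encrypted under a fresh random data key with AES-256-GCM, the data key is wrapped with the reader’s RSA public key (RSA-OAEP), and only the resulting record is committed. SLV’s actual key-wrapping scheme, including its CRYSTALS-Kyber1024 mode, is not reproduced here; the `WrappedSecret` record, the `Seal`/`Open` functions and the `db/password` sample are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// WrappedSecret is a constructed, repository-safe record. Every byte field is
// either ciphertext or a wrapped key (JSON encodes them as base64), so the
// committed file reveals nothing beyond the secret's name.
type WrappedSecret struct {
	Name       string `json:"name"`
	WrappedDEK []byte `json:"wrapped_dek"` // RSA-OAEP ciphertext of the data key
	Nonce      []byte `json:"nonce"`       // AES-GCM nonce
	Ciphertext []byte `json:"ciphertext"`  // AES-GCM ciphertext with auth tag
}

// Seal encrypts plaintext under a fresh random 256-bit data key (DEK) with
// AES-GCM, then wraps the DEK with the reader's RSA public key. Only the
// public key is needed, so a writer can add or update a secret without
// being able to read it back.
func Seal(name string, plaintext []byte, reader *rsa.PublicKey) (*WrappedSecret, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The secret name is bound as associated data, so a record cannot be
	// re-labelled as a different secret without failing authentication.
	ct := gcm.Seal(nil, nonce, plaintext, []byte(name))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, reader, dek, []byte("dek"))
	if err != nil {
		return nil, err
	}
	return &WrappedSecret{Name: name, WrappedDEK: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the DEK with the private key and decrypts the secret. Anyone
// holding only the repository (and hence only the public key) cannot do this.
func Open(ws *WrappedSecret, priv *rsa.PrivateKey) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ws.WrappedDEK, []byte("dek"))
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ws.Nonce, ws.Ciphertext, []byte(ws.Name))
}

func main() {
	// Constructed demo: the reader's key pair lives outside the repository.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ws, err := Seal("db/password", []byte("constructed-demo-secret"), &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	record, _ := json.MarshalIndent(ws, "", "  ")
	fmt.Println(string(record)) // this is what gets committed: no plaintext
	pt, err := Open(ws, priv)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted with private key: %s\n", pt)
}
```

The record printed by `main` is the only artifact that reaches Git. Rotating the reader key means re-wrapping each record’s DEK under the new public key; the secret payloads themselves do not need to be re-encrypted, which is the property that makes key rotation cheap in this pattern.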

Conclusion

Safeguarding secrets is crucial for organizations, requiring constant vigilance and proactive security measures. In today’s cloud-centric environment, there’s a demand for innovative solutions that not only ensure security but also factor in cost, scalability, and developer efficiency. In this regard, SLV offers a comprehensive solution to address organizations’ security, scalability, and productivity needs. It introduces a fresh approach to protecting, storing, and sharing secrets.
