Secrets Management

In this article we discuss the encryption and management of edge apps' parameters that need to be kept secret. For simplicity we'll call them "secrets".

Node key

During the node registration procedure every node generates a public-private key pair (PubK_N, K_N) and sends the public key to the backend, which stores it together with the node ID. The private key K_N never leaves the node. The only purpose of the node keys is to facilitate the secure distribution of the organization's secret key to the nodes.

Organization key

When the user initiates the generation of the organization key, a symmetric key K is generated randomly in the weeve web application. The key K is shown only once, locally in the user's browser, so that the user can save it somewhere secure; if it is lost, it cannot be recovered.

Organization key distribution

To onboard a node to use secrets, the user enters the organization's secret key K into the browser. The application downloads the public keys PubK_N of the nodes participating in the distribution and encrypts K locally under each of the n different PubK_N, resulting in n different messages K_encrypted_N = enc(K, PubK_N). These messages are sent to the backend, which caches them and forwards each one to the corresponding node.
At the node, the message enc(K, PubK_N) is decrypted with this node's private key K_N, and the resulting organization key K is stored in the part of RAM that belongs to the weeve agent. This way the organization's secret key K is never stored in plaintext, either on the nodes or in the backend.
If a node loses K (e.g. after a restart), it can request the cached message enc(K, PubK_N) to be delivered again.
If the key K is compromised, the user can generate a new one and repeat the distribution procedure.
With this, the platform is ready to manage secrets that are known only to the organization, not to the platform administrator or to anyone with access to the backend's database.

Using secrets

When a user creates a new secret in weeve's web app, they are prompted to enter the organization's key K. The web app uses it to encrypt the secret value V with a symmetric encryption scheme in the browser, producing enc(V, K). The encrypted value is then sent to the backend, where it is stored together with its label so that it can be referenced in edge apps' manifests.
When creating an edge application, the user can choose to use secrets for any text field parameter. The backend then substitutes the matching enc(V, K) for each label in the manifest.
When the application is deployed on a node, the node uses K from RAM to decrypt enc(V, K) and provides the plaintext value V to the edge app. The value V is likewise stored only in RAM and handled according to the edge app's logic.
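The two operations described above, enc(K, PubK_N) for organization key distribution and enc(V, K) for an individual secret, as an added example in Go. This is illustrative code, not the weeve agent's or web app's own, and it assumes RSA-OAEP for the node key pair and AES-256-GCM as the symmetric scheme; the article names neither.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// GenerateNodeKey is the registration step: PubK_N goes to the backend, K_N never leaves the node.
func GenerateNodeKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapOrgKey is enc(K, PubK_N): the browser computes one of these per node from that node's PubK_N.
func WrapOrgKey(k []byte, pub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)
}

// UnwrapOrgKey runs on the node with its own K_N; the recovered K is kept in memory only.
func UnwrapOrgKey(wrapped []byte, priv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// newGCM builds AES-256-GCM from K (assumed scheme); a K of the wrong length is rejected here.
func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSecret is enc(V, K) as stored in the backend: fresh random nonce || ciphertext+tag.
func EncryptSecret(v, k []byte) ([]byte, error) {
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, v, nil), nil
}

// DecryptSecret recovers V on the node; a wrong K or a blob altered in the database fails the tag check.
func DecryptSecret(blob, k []byte) ([]byte, error) {
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("secret blob shorter than nonce")
}
```

Because K is recovered only through UnwrapOrgKey, a node that has been restarted has nothing to decrypt secrets with until the cached enc(K, PubK_N) is delivered to it again.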