Managing Secrets through Secret Manager


Introduction

This document describes how customers can secure the Secrets used by various application functionalities, which are otherwise stored insecurely in local files.


Cripsa SECRET MANAGER is a tool used to securely store and manage secrets, such as passwords, API keys, and other sensitive information. It provides a central repository for storing secrets and ensures that they are protected from unauthorized access.


Secrets are an essential part of modern software applications, and managing them properly is crucial to maintaining the security of the application. The Cripsa SECRET MANAGER service provides several benefits, including:


  • Security: This service uses encryption and access controls to ensure that secrets are only accessible to authorized users and applications.
  • Centralization: This service provides a central location for storing and managing secrets, which makes it easier to manage secrets across multiple applications and environments.
  • Automation: This service can be integrated with other tools and services to automate the process of securely retrieving and managing secrets.
  • Auditability: This service provides logs and audit trails that allow administrators to track who has accessed secrets and when they were accessed.

Services of this kind can currently be used in a variety of contexts, including:


  • Cloud environments: Cloud providers such as AWS, Azure, and Google Cloud provide secret management services that can be used to manage secrets used by applications running in the cloud.
  • Containerized environments: Container orchestration platforms such as Kubernetes provide secret management features that allow applications running in containers to securely access secrets.
  • On-premises environments: Secret managers can be deployed on-premises to manage secrets used by applications running in private data centers or other environments.

Overall, a secret manager is a critical component of a secure application architecture that ensures that secrets are properly managed and protected throughout their lifecycle.


Cripsa's goal is to provide a Secret Manager service to all customers who have no footprint or technical expertise in the cloud and who want to secure their applications by encrypting such sensitive Key-Values.


The client/development team must perform the following tasks to Create/Update/Get/Delete secrets in SECRET MANAGER:

1. Register as a Developer at https://cripsa.com.

2. Create a Secret through the API or through the Portal.

3. If the application needs to access a Secret stored as a Key-Value pair in the step above, call the SECRET MANAGER Get Secret API from the application logic.

Login as Developer in Cripsa

Log in to the Cripsa Dashboard using your email account.



After a successful login, the Developer is routed to the Dashboard, which lists all the projects previously created with Cripsa.


Create Key-Value pair in Secret Manager

Our customers can use the Portal, as well as the APIs, to Create/Update/Get/Delete Key-Value pairs in Cripsa SECRET MANAGER. The following screenshot shows how to create a Key-Value pair through the Cripsa Portal after logging in.



Now click on Create Secret. The next screen displays some important values, which need to be saved somewhere.



To make sure that the secret is unique across our multiple customers, the Secret is created in the format of /.


The customer might also consider Secret names in the following formats:


1. _ for example: IT_OracleDBCredential where IT is and is Oracle Database Credential information.

2. _ for example: IISMigrationProject_ClientDetail. Here the is IISMigrationProject and is ClientDetail which might include Keys like APIKeys, ClientID, ClientSecret etc.

3. _ for example: “qwert2345sdrt_ClientDetails” where ‘qwert2345sdrt’ represents and ClientDetails represents .


Get/Update/Delete/Restore Key-Value pair

Storing and accessing sensitive information through a Secret Manager in the cloud is one of the most secure approaches used by various organizations. By encrypting the values and requiring an Organization ID and Domain information to access them, we have taken steps to ensure that the information is protected from unauthorized access.


These Key-Value pairs are saved in Secret Manager in the cloud so that whenever an application or a person needs to access such critical information, they can simply call the APIs to get it. In other words, this critical information is just an API call away.


These Values are stored in encrypted format, and to access them the client has to provide the Organization ID and Domain information. The Organization ID is a 25-character string that is very hard to predict, and it is associated with the domain the first time the customer creates any Secret Key-Values in our Secret Manager. The combination of Organization ID and Domain is unique, and it is matched before any Secret Key-Value is shared with the customer. In other words, while creating this product we have considered all the security aspects needed to protect the Secret Key-Values and keep them from leaking into the hands of hackers.


The use of a unique Organization ID and Domain combination adds a layer of security that prevents potential attackers from guessing or predicting the correct credentials to access the sensitive information.


Overall, Cripsa has developed a service/product through which our clients can implement a secure and reliable system for storing and accessing sensitive information.


For information about how to get Secret Values, see the API document:


https://cripsa.com/kms-secretmanager-app-get-secret


The Postman request details are shown below:



As shown in the screenshot above, a POST call has to be made to the URL https://api.cripsa.com/v2/kms/kms-secretmanager-get-secret with certain parameters, and it returns the value of the secret, which a developer can use inside their applications.
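An added example, not Cripsa's own code: one way an application can fetch a secret from the Get Secret endpoint at run time and keep it only in memory, instead of reading it from a local file. The endpoint URL is from this page; the JSON field names (organization_id, domain, secret_name, secret_value) and the CRIPSA_ORG_ID / CRIPSA_DOMAIN environment variables are assumptions, so take the real parameters from the API document.

```python
import json
import os
import time
import urllib.request

# URL is from the page; JSON field names and env var names below are assumptions.
GET_SECRET_URL = "https://api.cripsa.com/v2/kms/kms-secretmanager-get-secret"


def https_post(url, payload, timeout=10):
    """POST JSON over HTTPS (certificate checks stay on) and decode the reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


class SecretClient:
    """Fetches secrets at run time and caches them in memory for `ttl` seconds."""

    def __init__(self, org_id, domain, post=https_post, ttl=300, clock=time.monotonic):
        if len(org_id) != 25:  # the page describes a 25-character Organization ID
            raise ValueError("Organization ID must be 25 characters")
        self._org_id, self._domain, self._post = org_id, domain, post
        self._ttl, self._clock, self._cache = ttl, clock, {}

    def __repr__(self):  # keep identifiers and values out of logs and tracebacks
        return "SecretClient(<redacted>)"

    def get(self, name):
        hit = self._cache.get(name)
        if hit and hit[0] > self._clock():
            return hit[1]
        reply = self._post(GET_SECRET_URL, {
            "organization_id": self._org_id,  # hypothetical field name
            "domain": self._domain,           # hypothetical field name
            "secret_name": name,              # hypothetical field name
        })
        value = reply.get("secret_value")     # hypothetical field name
        if not value:
            # Fail closed and do not echo the reply: it may hold sensitive data.
            raise RuntimeError(f"secret {name!r} could not be retrieved")
        self._cache[name] = (self._clock() + self._ttl, value)
        return value


def client_from_env(post=https_post):
    # Identifiers come from the process environment, not from source code.
    return SecretClient(os.environ["CRIPSA_ORG_ID"], os.environ["CRIPSA_DOMAIN"], post=post)
```

The `post` parameter exists so the transport can be replaced in unit tests; production code uses the default HTTPS call.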


Similarly, for Update, see the documentation at

https://cripsa.com/kms-secretmanager-app-update-secret


For deleting Secrets, see the documentation at

https://cripsa.com/kms-secretmanager-app-delete-secret


If a secret is deleted accidentally, it is not removed immediately in the background; it is deleted after 30 days. During that period the customer can restore or retrieve it. For more information on how to restore/retrieve the secret, see the documentation at

https://cripsa.com/kms-secretmanager-app-restore-secret