System and method for providing least privilege access in a microservices architecture
First Claim
1. A method of providing administrative access to an endpoint server, the method comprising:
responsive to receiving a key update request at a bootstrap server, generating an admin key at the bootstrap server, partitioning, at the bootstrap server, the admin key into a first portion and a second portion, transmitting, from the bootstrap server, the admin key to the endpoint server, deleting the admin key from the bootstrap server after transmitting the admin key to the endpoint server, and storing, at the bootstrap server, the first portion and the second portion of the admin key in a secret management server;
receiving, at an admin server, a request for performing an admin operation on the endpoint server and the first portion of the admin key from a microservice server;
receiving, at the admin server, the second portion of the admin key;
generating, at the admin server, a copy of the admin key based at least in part on the first portion and the second portion of the admin key;
performing, via the admin server, the admin operation on the endpoint server using the copy of the admin key;
deleting the copy of the admin key on the admin server after performing the admin operation on the endpoint server;
transmitting, from the admin server, a first key update request to the bootstrap server; and
transmitting, from the microservice server, a second key update request to the bootstrap server.
1 Assignment
0 Petitions
Abstract
System and method of providing administrative access to an endpoint server. In one example, the method includes receiving, at an admin server, a request for performing an admin operation on the endpoint server and a first portion of an admin key from a microservice server. The method also includes receiving, at the admin server, a second portion of the admin key. The method further includes generating, at the admin server, a copy of the admin key based at least in part on the first portion and the second portion of the admin key. The method also includes performing, via the admin server, the admin operation on the endpoint server using the copy of the admin key. The method further includes deleting the copy of the admin key on the admin server after performing the admin operation on the endpoint server.
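The flow in claim 1 and the abstract, simulated end to end as an added example; this is not the patent's code, and the claims do not say how the key is partitioned, how the endpoint authenticates an operation, or where the admin server obtains the second portion. The example assumes a 32-byte admin key used as an HMAC-SHA256 secret, an endpoint that accepts an operation only with a valid tag, an XOR split for the two portions (chosen because a literal byte split would leave half the key in each portion, whereas an XOR share alone is independent of the key), and an admin server that reads the second portion from the secret management server. It also drives the two misuse cases the split is meant to prevent: a party holding one portion trying the endpoint directly, and a captured portion replayed after the key update requests have rotated the key.

```python
# Added example of the split-admin-key flow; assumptions: HMAC-SHA256 endpoint
# authentication, XOR-split portions, admin server reads portion two from the secret store.
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumption: 256-bit admin key


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """XOR split: first portion is uniformly random, second = key XOR first,
    so either portion alone is independent of the key."""
    first = secrets.token_bytes(len(key))
    return first, bytes(k ^ f for k, f in zip(key, first))


def join_key(first: bytes, second: bytes) -> bytes:
    """Rebuild the admin key; both portions are required."""
    return bytes(f ^ s for f, s in zip(first, second))


def tag_for(key: bytes, operation: str) -> bytes:
    """Authenticator the endpoint expects for an admin operation."""
    return hmac.new(key, operation.encode(), hashlib.sha256).digest()


class SecretManagementServer:
    """Holds the two portions under separate names (separate ACLs in practice)."""
    def __init__(self):
        self.store = {}


class EndpointServer:
    """Holds the full admin key; performs an operation only with a valid tag."""
    def __init__(self):
        self.admin_key = None
        self.performed = []

    def perform(self, operation: str, tag: bytes) -> bool:
        if not hmac.compare_digest(tag_for(self.admin_key, operation), tag):
            return False
        self.performed.append(operation)
        return True


class BootstrapServer:
    """Generates a fresh admin key on every key update request, keeps no copy."""
    def __init__(self, secret_mgr, endpoint):
        self.secret_mgr, self.endpoint, self.rotations = secret_mgr, endpoint, 0

    def handle_key_update_request(self):
        key = secrets.token_bytes(KEY_LEN)
        first, second = split_key(key)
        self.endpoint.admin_key = key  # transmit the whole key to the endpoint
        del key  # delete from the bootstrap server after transmitting
        self.secret_mgr.store["admin_key/first"] = first
        self.secret_mgr.store["admin_key/second"] = second
        self.rotations += 1


class AdminServer:
    """Rebuilds the key for one operation, deletes the copy, requests rotation."""
    def __init__(self, secret_mgr, endpoint, bootstrap):
        self.secret_mgr, self.endpoint, self.bootstrap = secret_mgr, endpoint, bootstrap
        self.key_copy = None

    def handle_request(self, operation: str, first_portion: bytes) -> bool:
        second = self.secret_mgr.store["admin_key/second"]
        self.key_copy = join_key(first_portion, second)
        ok = self.endpoint.perform(operation, tag_for(self.key_copy, operation))
        self.key_copy = None  # copy deleted after the operation
        self.bootstrap.handle_key_update_request()  # first key update request
        return ok


class MicroserviceServer:
    """Knows only the first portion and can act only through the admin server."""
    def __init__(self, secret_mgr, admin, bootstrap):
        self.secret_mgr, self.admin, self.bootstrap = secret_mgr, admin, bootstrap

    def first_portion(self) -> bytes:
        return self.secret_mgr.store["admin_key/first"]

    def request_admin_operation(self, operation: str) -> bool:
        ok = self.admin.handle_request(operation, self.first_portion())
        self.bootstrap.handle_key_update_request()  # second key update request
        return ok


def run_scenario() -> dict:
    """One legitimate admin operation plus the two misuse attempts the split should stop."""
    secret_mgr, endpoint = SecretManagementServer(), EndpointServer()
    bootstrap = BootstrapServer(secret_mgr, endpoint)
    bootstrap.handle_key_update_request()  # initial provisioning
    admin = AdminServer(secret_mgr, endpoint, bootstrap)
    micro = MicroserviceServer(secret_mgr, admin, bootstrap)
    captured = micro.first_portion()  # constructed: a portion an attacker stole
    # A single portion does not authenticate to the endpoint.
    portion_alone_ok = endpoint.perform("restart-service", tag_for(captured, "restart-service"))
    # The legitimate path: microservice -> admin server -> endpoint.
    operation_ok = micro.request_admin_operation("restart-service")
    # Two rotations have happened since the capture, so the stolen portion is stale.
    stale_ok = admin.handle_request("restart-service", captured)
    return {
        "portion_alone_ok": portion_alone_ok,
        "operation_ok": operation_ok,
        "stale_portion_ok": stale_ok,
        "admin_copy_cleared": admin.key_copy is None,
        "bootstrap_holds_key": any(isinstance(v, bytes) for v in vars(bootstrap).values()),
        "rotations": bootstrap.rotations,
    }
```

Running `run_scenario()` shows the intended properties: the operation succeeds only via the admin server, the lone portion and the stale portion both fail, the admin server's copy is gone afterwards, the bootstrap server retains no key bytes, and each admin operation costs two rotations (one per key update request), which is the price of the one-operation-per-key design the claims describe.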
37 Citations
16 Claims
9. A system of providing administrative access to an endpoint server, the system comprising:
a bootstrap server including a bootstrap transceiver, a bootstrap memory, and a bootstrap electronic processor electrically coupled to the bootstrap transceiver and the bootstrap memory, wherein, responsive to receiving a key update request, the bootstrap electronic processor is configured to generate an admin key, divide the admin key into a first portion and a second portion, transmit, via the bootstrap transceiver, the admin key to the endpoint server, delete the admin key from the bootstrap memory after transmitting the admin key, and store the first portion and the second portion of the admin key in a secret management server; a microservice server; and an admin server including an admin transceiver, an admin memory, and an admin electronic processor electrically coupled to the admin transceiver and to the admin memory, the admin electronic processor configured to receive, via the admin transceiver, a request for performing an admin operation on the endpoint server and the first portion of the admin key from the microservice server, receive, via the admin transceiver, the second portion of the admin key, generate a copy of the admin key based at least in part on the first portion and the second portion of the admin key, perform the admin operation on the endpoint server using the copy of the admin key, delete the copy of the admin key stored in the admin memory after performing the admin operation on the endpoint server, and transmit, via the admin transceiver, a first key update request to the bootstrap server, wherein the microservice server is configured to transmit, via a microservice transceiver, a second key update request to the bootstrap server.
Specification