Security credential deployment in cloud environment
Abstract
Techniques are described for deploying a security credential for an application deployed in a cloud. An encrypted security credential is received from a remote system and is inserted into a virtual machine instance associated with the application. Upon deploying the virtual machine instance, embodiments transmit a request to a cryptex server for a decrypted security credential, the request including the encrypted security credential and a virtual machine identifier for the deployed virtual machine instance. The cryptex server is configured to retrieve metadata associated with the virtual machine identifier and to authenticate the deployed virtual machine instance using the retrieved metadata. Embodiments receive, from the cryptex server, the decrypted security credential for use by the application.
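A sketch of the cryptex-side check the abstract describes, added here as an illustration and not taken from the patent: the server looks up the attributes recorded for the VM identifier, compares them with the metadata in the request, and only then decrypts. The names `INVENTORY`, `seal` and `handle_decrypt`, the attribute set, the binding of the ciphertext to the application name, and the HMAC-based stream used in place of a real AEAD cipher are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Keys held only by the cryptex server (constructed for this example).
ENC_KEY = secrets.token_bytes(32)
MAC_KEY = secrets.token_bytes(32)

# Attributes the cloud management system reports per VM identifier (constructed).
INVENTORY = {
    "vm-0001": {"app": "billing", "image": "img-billing-7", "ip": "10.0.4.12"},
    "vm-0002": {"app": "reports", "image": "img-reports-3", "ip": "10.0.4.40"},
}
CHECKED = ("app", "image", "ip")

def _xor_stream(nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(credential: bytes, app: str) -> bytes:
    """Deployment side: encrypt the credential and bind it to the application."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(nonce, credential)
    tag = hmac.new(MAC_KEY, app.encode() + b"\0" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def handle_decrypt(blob: bytes, vm_id: str, claimed: dict):
    """Cryptex side: return the credential only to an authenticated instance."""
    actual = INVENTORY.get(vm_id)
    if actual is None or len(blob) < 48:
        return None  # unknown VM identifier or malformed request
    # Compare every attribute (no early exit), then require all of them to match.
    matches = [hmac.compare_digest(str(claimed.get(k, "")).encode(), actual[k].encode())
               for k in CHECKED]
    if not all(matches):
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    # Check the binding against the inventory's app name, not the caller's claim.
    want = hmac.new(MAC_KEY, actual["app"].encode() + b"\0" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # tampered blob, or one sealed for a different application
    return _xor_stream(nonce, ct)
```

Binding the ciphertext to the application means a blob copied out of one instance is refused when another application's instance presents it, even if that instance's own metadata checks out.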
24 Claims
1. A method of deploying a security credential for an application deployed in a cloud, comprising:
- receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;
- retrieving the security credential using the authentication information;
- encrypting, by operation of one or more computer processors, the security credential; and
- transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer-readable medium containing a program that, when executed, performs an operation for deploying a security credential for an application deployed in a cloud, the operation comprising:
- receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;
- retrieving the security credential using the authentication information;
- encrypting the security credential; and
- transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system, comprising:
- a processor; and
- a memory containing a program that, when executed on the processor, performs an operation for deploying a security credential for an application deployed in a cloud, the operation comprising:
- receiving a request to deploy the security credential, wherein the request specifies the application and includes authentication information for obtaining the security credential;
- retrieving the security credential using the authentication information;
- encrypting the security credential; and
- transmitting the encrypted security credential to a cloud management system, wherein the cloud management system is configured to insert the encrypted security credential into a virtual machine instance associated with the application, and wherein the virtual machine instance, when deployed, is configured to transmit a decryption request including the encrypted security credential and metadata that identifies the deployed virtual machine instance to a cryptex server, wherein the cryptex server is configured to authenticate the application by comparing the metadata with attributes of the deployed virtual machine instance and is further configured to decrypt the encrypted security credential and return the decrypted security credential to the authenticated application.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification