Scalable and automated secret management
First Claim
1. A method for secret management, comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lock-box to analyze a plurality of predefined conditions, wherein the lock-box evaluates user authorization at predetermined intervals, wherein using a lock-box that analyzes a plurality of predefined conditions, further comprises revoking the user authorization to access the resource;
automatically generating a second secret to replace the first secret in response to determining that the first secret has expired and the user is authorized to access the resource; and
replacing the first secret with the second secret.
3 Assignments
0 Petitions
Abstract
A secret (e.g. a password, key or certificate) is automatically generated by a system. For example, at the time of deployment of a computing machine, a password may be generated and securely stored by the system with other secrets. The password may be used by the system to perform various operations (e.g. configuring the machine). When a secret is requested by a user to access a resource, the secret is provided to the user. Once the secret has been utilized by the user, the secret is reset and replaced with a newly generated secret. All or a portion of the secrets may also be automatically regenerated. For example, when a breach occurs and/or is suspected, each of the secrets may be replaced with newly generated secrets and securely stored. Auditing and reporting may also be provided (e.g. each request/access to a secret is logged).
149 Citations
19 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 19.
8. A computer-readable storage device storing computer-executable instructions for secret management, comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lock-box that analyzes a plurality of predefined conditions, wherein the lock-box evaluates user authorization at predetermined intervals, wherein using a lock-box that analyzes a plurality of predefined conditions, further comprises revoking the user authorization to access the resource;
automatically generating a second secret to replace the first secret in response to determining at least one of: the first secret has expired and the user is authorized to have access to the resource; and
replacing the first secret with the second secret.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system for secret management, comprising:
a processor and a memory;
an operating environment executing using the processor; and
a secret manager that is configured to perform actions comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lock-box that analyzes a plurality of predefined conditions, wherein the lock-box evaluates user authorization at predetermined intervals, wherein using a lock-box that analyzes a plurality of predefined conditions, further comprises revoking the user authorization to access the resource;
automatically generating a second secret to replace the first secret in response to determining at least one of: the first secret has expired and the user is authorized to have access to the resource; and
replacing the first secret with the second secret.
Dependent claims: 16, 17, 18.
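The workflow the abstract and the independent claims describe (automatic generation at provisioning time, single-use provision of a secret, expiry, a lock-box that re-checks a set of predefined conditions at a predetermined interval and revokes authorization, replacement of the expired secret, breach-triggered regeneration of every stored secret, and an audit record of each request and access), written out as an added Python illustration. This is not the patent's own code nor any assignee's implementation. The class and method names (`SecretManager`, `provision`, `request`, `evaluate`, `breach`), the choice of `secrets.token_urlsafe` as the generator, the injectable `clock`, the audit tuple layout and the two sample conditions are all assumptions made for the example; the patent text specifies none of them.

```python
"""Added example (not the patent's code): a minimal secret manager following the
abstract and claim 1. Names, the generator and the conditions are assumptions."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

Condition = Callable[[str, str], bool]  # (user, resource) -> allowed?


@dataclass
class Secret:
    value: str
    created: float
    ttl: float           # seconds until the secret counts as expired
    used: bool = False   # single-use flag: set once the value has been handed out

    def expired(self, now: float) -> bool:
        return now - self.created >= self.ttl


class SecretManager:
    """Secret store plus 'lock-box' authorization; an illustrative design, not the patent's."""

    def __init__(self, ttl: float = 3600.0, clock: Callable[[], float] = time.time) -> None:
        self._store: Dict[str, Secret] = {}
        self._conditions: List[Condition] = []      # predefined lock-box conditions
        self._grants: Set[Tuple[str, str]] = set()  # (user, resource) pairs ever granted
        self._revoked: Set[Tuple[str, str]] = set()
        self._ttl = ttl
        self._clock = clock                         # injectable so expiry is testable
        self.audit: List[Tuple[float, str, str, str]] = []  # (time, event, user, resource)

    def _log(self, event: str, user: str, resource: str) -> None:
        self.audit.append((self._clock(), event, user, resource))

    def _new_secret(self, resource: str, event: str, user: str = "system") -> None:
        # secrets.token_urlsafe draws from the OS CSPRNG; never use random.random here
        self._store[resource] = Secret(secrets.token_urlsafe(32), self._clock(), self._ttl)
        self._log(event, user, resource)

    # --- automatic generation (e.g. at deployment) and bulk regeneration ---------
    def provision(self, resource: str) -> None:
        self._new_secret(resource, "generate")

    def breach(self) -> None:
        """Suspected or confirmed breach: replace every stored secret at once."""
        for resource in list(self._store):
            self._new_secret(resource, "breach-rotate")

    # --- lock-box: predefined conditions, periodic re-evaluation, revocation -------
    def add_condition(self, cond: Condition) -> None:
        self._conditions.append(cond)

    def grant(self, user: str, resource: str) -> None:
        self._grants.add((user, resource))
        self._revoked.discard((user, resource))

    def authorized(self, user: str, resource: str) -> bool:
        key = (user, resource)
        return (key in self._grants and key not in self._revoked
                and all(cond(user, resource) for cond in self._conditions))

    def evaluate(self) -> List[Tuple[str, str]]:
        """Run at the predetermined interval: revoke every grant whose conditions now fail."""
        newly_revoked: List[Tuple[str, str]] = []
        for user, resource in sorted(self._grants):
            if (user, resource) not in self._revoked and not self.authorized(user, resource):
                self._revoked.add((user, resource))
                self._log("revoke", user, resource)
                newly_revoked.append((user, resource))
        return newly_revoked

    # --- single-use provision with expiry-driven replacement -----------------------
    def request(self, user: str, resource: str) -> Optional[str]:
        self._log("request", user, resource)
        if resource not in self._store or not self.authorized(user, resource):
            self._log("deny", user, resource)
            return None
        current = self._store[resource]
        # A value that was already handed out once, or that has expired, is replaced
        # before anything is returned, so each value is provided at most once.
        if current.used or current.expired(self._clock()):
            self._new_secret(resource, "rotate", user)
            current = self._store[resource]
        current.used = True
        self._log("provide", user, resource)
        return current.value


if __name__ == "__main__":
    mgr = SecretManager(ttl=60.0)
    mgr.provision("db")                                  # constructed sample resource
    mgr.add_condition(lambda u, r: u != "mallory")       # constructed sample condition
    mgr.grant("alice", "db")
    mgr.grant("mallory", "db")
    print("alice 1st:", mgr.request("alice", "db"))
    print("alice 2nd:", mgr.request("alice", "db"))       # different value: rotated
    print("mallory  :", mgr.request("mallory", "db"))     # None: lock-box denies
    print("revoked  :", mgr.evaluate())
    for entry in mgr.audit:
        print(entry)
```

The `clock` parameter exists so expiry and interval evaluation can be exercised deterministically; a deployment would call `evaluate()` from a scheduler at the predetermined interval and would append the audit entries to a tamper-evident log rather than keep them in memory. The single-use property is enforced by rotating before the next hand-out, which is the abstract's "reset and replaced" step: a value that has been disclosed to a user is never returned a second time, and an expired value is replaced only when an authorized user asks for it, matching the conjunctive condition in claim 1.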
Specification