slouchpie

slouchpie

Symmetric encryption of persisted data with ExCrypto - feedback very welcome

Hi all,

Today I had a problem that I needed to persist API keys from a 3rd party. I wanted to persist them in an encrypted way and I documented what I came up with:

If any grizzled veterans on here have some spare time, please read what I have written and tell me one of:

  1. I am about to be pwned and all my base captured if I don’t change something critical

  2. I have taken an OK approach but it could be a lot better

  3. I am a genius and you will give me a million dollars

Even if nobody reads it, maybe this will help somebody else with a similar problem in the future.

P.S. that website is still being built, so forgive any bad formatting.

Most Liked

Aetherus

Aetherus

If it’s a static key that never changes, you can just put it in a config file which only your service can read. If you feel the file system is not secure enough (for example, some dude steals your whole server), you can use LVM to encrypt the whole hard drive with a passphrase only you know.

slouchpie

slouchpie

That’s a good idea. My actual prod implementation is not revealed. I use the env var in the example for “ease of use”.

Encrypting the hard drive is always good advice! :heart:

dch

dch

Nice post thanks!

It’s not clear what your “threat model” is (read https://www.usenix.org/system/files/1401_08-12_mickens.pdf for some helpful humour on this BTW).

My threat model is that due to some unexpected bug in our web stack (OS → reverse proxy →
container → phoenix+BEAM) the code & config files are exposed.

I don’t account for state-level actors (govt spies, etc) who can subvert datacenter controls and gain physical access to the servers, for example. We use separate environments and keys for dev/test vs prod, too.

In this scenario I can expect all of these to be exfiltrated (stolen):

  • the code
  • the config files
  • any env vars I have
  • other runtime stuff lying around in filesystem

The only thing I’d add to your approach is never to store the the actual key in the code or env vars, if possible.

My general approach for securing keys is as follows:

  • use https://vaultproject.io/ or similar as a “cubby hole” to pass a one-time use key from the OS into the container, via env var
  • the container grabs this key, and if its invalid we crash (and its a security problem as the key has been used outside this container). If not, it unwraps the actual key(s) we need, and the one-time-use key (in an env var), is of no value anymore
  • the key is wrapped up in a fun() , which doesn’t show up as readable anymore in plaintext in a crashdump or similar OTP error message. This won’t stop somebody who has root level access in the container, but this requires an attacker to gain access to the container, and in addition gain root privileges. We hope our monitoring detects this!
  • every time we need the fun() we invoke it as part of building the API request. the cost of the fun is lost in the noise of the API call over the network.

This doesn’t solve the problem but it does make it harder to subvert.

Personally, I prefer APIs where the authentication is added as an HTTP Header (like Authorization: Bearer abc123deadcafe123 as this can be injected outside the container, on valid outbound requests, by a reverse proxy. This way, the container can be spun up without network access at all, no root privileges, and no useful credentials. This puts a lot of trust in the reverse proxy, but it’s not in the direct path of an attacker, so we win a little bit more here. But in your case you have a (very nice) per-user API key so that doesn’t work.

It’s also possible to have a key generated on the fly for each invocation of your program, but that’s advanced vault and may be overkill for your needs.

Where Next?

Popular in Discussions Top

andre1sk
A big advantage to Elixir is all the distributed goodness but for many applications running on multiple nodes having integrated Etcd, Zoo...
New
blackode
Elixir Upgrading is so Simple in Ubuntu and It worked for me Ubuntu 16.04 git clone https://github.com/elixir-lang/elixir.git cd elixir...
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31265 143
New
AstonJ
Are there any Elixir or Erlang libraries that help with this? I’ve been thinking how streaming services like twitch have exploded recentl...
New
Crowdhailer
I’ve been hearing much about the new formatter and it’s something I have been keen to try. I find examples buy far the most illuminating...
248 19327 150
New
mbenatti
Following https://github.com/tbrand/which_is_the_fastest |> https://raw.githubusercontent.com/tbrand/which_is_the_fastest/master/imgs...
New
RudManusachi
What configs will make sense to put to runtime.exs? – A bit of how I configure apps: I have generic configs in config/config.exs, dev...
New
ben-pr-p
In general I’ve been sticking to this community style guide GitHub - christopheradams/elixir_style_guide: A community driven style guide ...
New
Qqwy
Looking at the stacks that existing large companies have used, WhatsApp internally uses Mnesia to store the messages, while Discord uses ...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

Other popular topics Top

vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
AstonJ
Please see the new poll here: Which code editor or IDE do you use? (Poll) (2022 Edition) It’s been a while since we first asked this, I...
208 31265 143
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52673 488
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
lanycrost
Hi everyone! I need implement if…else if…else condition from my elixir code, and anymore of this control flow structures not work proper...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement