SPIKE's current trust model treats the backing store as "untrusted".
Which means anything in the backing store that is sensitive or can be used as an attack vector shall be encrypted.
We already encrypt secrets in the backing store; however, policies are stored in plain text.
The spiffe_id_pattern and path_pattern of a SPIKE policy (although much less sensitive than a secret) can be used by an adversary as a data point to devise attacks against SPIKE Nexus. Thus they should be encrypted too.
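One way the request above could be met, as an added sketch that is not SPIKE's code and not part of the original issue: the two patterns are sealed together with AES-256-GCM before the row reaches the backing store, and the policy ID is used as associated data so the store cannot move a blob onto a different policy. The type and function names, the choice of AES-GCM, the constructed all-zero demo key, and the decision to leave the policy ID in clear are all assumptions; the sketch also assumes the key is held outside the backing store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Hypothetical types, not SPIKE's own. The backing store sees only StoredPolicy.
type Policy struct{ ID, SpiffeIDPattern, PathPattern string }
type StoredPolicy struct{ ID string; Blob []byte } // Blob = nonce || ciphertext || tag

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func EncryptPolicy(a cipher.AEAD, p Policy) (StoredPolicy, error) {
	pt, _ := json.Marshal([2]string{p.SpiffeIDPattern, p.PathPattern})
	nonce := make([]byte, a.NonceSize()) // fresh random nonce per write
	if _, err := rand.Read(nonce); err != nil {
		return StoredPolicy{}, err
	}
	return StoredPolicy{p.ID, a.Seal(nonce, nonce, pt, []byte(p.ID))}, nil // AAD = policy ID
}

func DecryptPolicy(a cipher.AEAD, r StoredPolicy) (Policy, error) {
	n := a.NonceSize()
	if len(r.Blob) < n {
		return Policy{}, fmt.Errorf("policy %q: ciphertext too short", r.ID)
	}
	pt, err := a.Open(nil, r.Blob[:n], r.Blob[n:], []byte(r.ID))
	if err != nil {
		return Policy{}, err // tampered, moved to another row, or wrong key
	}
	var f [2]string
	err = json.Unmarshal(pt, &f)
	return Policy{r.ID, f[0], f[1]}, err
}

func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	row, _ := EncryptPolicy(a, Policy{"p1", `^spiffe://example\.org/app/.*$`, `^secrets/db/.*$`})
	fmt.Println(DecryptPolicy(a, row))
}
```

Because GCM authenticates as well as encrypts, a modified or relocated blob is rejected on read instead of being loaded as a different policy.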