Curtis
Convex Community
•Created by Curtis on 12/31/2024 in #support-community
Does Convex have recommended processes for securing secrets / a secret key management feature?
Which could just be done by providing actions/mutations/etc a JWT that was signed by Convex explaining what the action is (claims including code deploy id, which query/mutation/action/etc, which convex app, etc)
14 replies
I've been thinking about this... Instead of expecting a full KMS solution from Convex (which is a big ask), it would be sufficient to have some kind of way to securely identify a Convex app as the client for an existing cloud KMS
Yeah I think it's a big feature
It looks like Firestore doesn't have a full key management system built in, but it does have "secrets" which are separate from environment variables:
https://firebase.google.com/docs/functions/config-env?gen=2nd#secret_parameters
and which are loaded from GCP Secret Manager
This still does require that you trust that the HSM is only going to perform sensitive operations (e.g., signature generation, decryption) for authorized clients, but in order to do those operations you need to get in contact with the HSM, so you can't exfiltrate the key and then go dark but still forge signatures, etc; so basically the trust is reduced to trusting the audit log of the encryption service
If instead the key is generated within a Hardware Security Module, you don't have to trust anyone or anything except the manufacturer of the HSM / the due diligence of the provider hosting it (❤️ :convex:)
* developers cannot do anything to divulge the key, neither accidentally nor maliciously, because it never leaves the HSM
* Code dependencies cannot access the key because it never leaves the HSM
* Convex cannot even do anything to divulge the key even maliciously, because it can't be (non-destructively) extracted from the HSM
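The trust model described in the two posts above, as an added example that is not part of this thread or of Convex: a Python model of a signing key that is generated inside the HSM, exposes only sign/verify to authorized callers, and logs every use, together with the reconciliation check that such an audit log makes possible. HMAC-SHA256 stands in for the HSM's key, and the caller ids are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def _digest(message: bytes) -> str:
    """Audit entries record a hash of the message, never the message itself."""
    return hashlib.sha256(message).hexdigest()

@dataclass(frozen=True)
class AuditEntry:
    op: str      # "sign", "sign-denied" or "verify"
    caller: str  # identity the HSM authenticated (constructed deployment ids in tests)
    digest: str  # sha256 of the message that was signed or checked

class HsmKey:
    """Model of an HSM-resident key: callers only ever get sign() and verify().
    HMAC-SHA256 stands in for the HSM's real (typically asymmetric) key. There is
    deliberately no accessor for the key bytes; a real HSM enforces that in
    hardware, this model only enforces it by construction."""

    def __init__(self, allowed_callers: set[str]) -> None:
        self.__secret = secrets.token_bytes(32)  # generated inside the "HSM"
        self._allowed = set(allowed_callers)
        self.audit_log: list[AuditEntry] = []    # every use lands here

    def sign(self, caller: str, message: bytes) -> bytes:
        if caller not in self._allowed:
            self.audit_log.append(AuditEntry("sign-denied", caller, _digest(message)))
            raise PermissionError(f"{caller} is not authorized to sign")
        self.audit_log.append(AuditEntry("sign", caller, _digest(message)))
        return hmac.new(self.__secret, message, hashlib.sha256).digest()

    def verify(self, caller: str, message: bytes, signature: bytes) -> bool:
        self.audit_log.append(AuditEntry("verify", caller, _digest(message)))
        expected = hmac.new(self.__secret, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)

def unexpected_signatures(log: list[AuditEntry], expected: set[str]) -> list[AuditEntry]:
    """Reconcile the HSM's log with the digests the application meant to sign.
    A "sign" entry the application never requested is the signal that something
    else (compromised code, a rogue dependency) used the key; the key itself
    cannot have been copied out, so this log is what the trust reduces to."""
    return [e for e in log if e.op == "sign" and e.digest not in expected]
```

Feeding the application's own record of requested signatures into `unexpected_signatures` is the detection step; without it the log is only evidence after the fact.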
For example, if you want to generate a key pair and use it to generate signatures in Convex, here's all of the things that could go wrong that would result in the private key being breached (some of these being more paranoid than others):
* the developer could (either maliciously or accidentally) fail to generate the key with secure parameters
  * e.g., a buggy crypto library version, insufficient entropy, re-using entropy
* the developer could (either maliciously or accidentally) fail to delete the key, or expose the key (e.g., in terminal logs, in laptop backups, or cloud storage like Google Drive, or screensharing/presenting, or through a virus, ...)
* the key could be captured by a buggy or malicious browser extension
* the key could be accidentally or maliciously saved in a password manager etc by a browser
Once it's installed as an environment variable,
* the key could be accidentally or maliciously exposed by a change to application code
* the key could be accidentally or maliciously exposed by someone at Convex (e.g., accidental logging is not uncommon!)
* the key could be accidentally or maliciously exposed by a code dependency
* the key can be viewed at any time on the Convex Environment Variables panel
and all of these are completely undetectable; i.e., you can never actually be sure that at any point in the process the key hasn't been accidentally or maliciously divulged
I think any big cloud provider has a key management service; AWS has Key Management Service, GCP has Key Management, Azure has Key Vault and Managed HSM and others
It's important for defense-in-depth, though my risk tolerance is probably a lot lower than typical because of my previous experience in fintech companies