cloudfuse icon indicating copy to clipboard operation
cloudfuse copied to clipboard
verified publisher icon Seagate

Use memguard for secrets

Open jfantinhardesty opened this issue 1 year ago • 0 comments

What type of Pull Request is this? (check all applicable)

  • [x] Refactor
  • [ ] Feature
  • [ ] Bug Fix
  • [x] Optimization
  • [ ] Documentation Update

Describe your changes in brief

Use memguard to store secrets, passphrases to prevent heap inspection attack. Now passphrases are stored in a memguard enclave and only retrieved immediately before they are used. This includes s3storage, azstorage, and using a passphrase to secure a config file.

Checklist

  • [x] Tested locally
  • [ ] Added new dependencies
  • [ ] Updated documentation
  • [ ] Added tests

Related Issues

  • Related Issue #
  • Closes #

jfantinhardesty avatar Jul 16 '24 16:07 jfantinhardesty