...
- Generate an RSA or ECDSA key pair using PKCS#11
- Securely store the private key
- Store the private key in a TPM if one is available
- PKCS#10 CSR generation
- Communicate with the previously described CA Broker Service over a REST API
- Periodically generate a usage report
- Certificate renewal
- Discovery of the internal CA Broker Service
The diagram below illustrates how a microservice communicates with the CA Broker Service to enroll its certificate.
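As an added example (not the project's own code), the enrollment exchange in Go: the client agent's key generation and PKCS#10 CSR signing, followed by the check a CA Broker would run on the received CSR before forwarding it to the CA. It assumes a software P-256 key in place of the PKCS#11/TPM-backed key, passes the CSR as raw DER rather than over the REST transport, and uses a constructed service name and SAN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// EnrollmentRequest is the client agent's side: generate the service's key pair and
// sign a PKCS#10 CSR with it. A software P-256 key stands in for a PKCS#11/TPM key.
func EnrollmentRequest(serviceName string, dnsNames []string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := x509.CertificateRequest{Subject: pkix.Name{CommonName: serviceName}, DNSNames: dnsNames}
	der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key) // DER CSR, signed by key
	if err != nil {
		return nil, nil, err
	}
	return key, der, nil // the key stays with the agent; only der goes to the broker
}

// ValidateCSR is the broker-side check before anything is forwarded to the CA: parse,
// verify the proof-of-possession signature, and require the subject to match the caller.
func ValidateCSR(der []byte, expectedCN string) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR signature invalid: %w", err)
	}
	if csr.Subject.CommonName != expectedCN {
		return nil, fmt.Errorf("CSR subject %q does not match caller %q", csr.Subject.CommonName, expectedCN)
	}
	return csr, nil
}

func main() {
	_, der, err := EnrollmentRequest("edge-svc-1", []string{"edge-svc-1.local"}) // constructed identity
	if err == nil {
		_, err = ValidateCSR(der, "edge-svc-1")
	}
	fmt.Println("CSR accepted by broker:", err == nil)
}
```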
The project will also provide a Secret Service with the following features and capabilities:
- RESTful API support for the following requests:
  - ADD
  - UPDATE
  - DELETE
- Token-based authentication for the above requests
- Username- and password-based authentication will also be supported
- Securely store secrets using AES encryption
- Use a TPM or SGX for key storage if available
The diagram below illustrates how a microservice uses the secret client agent to talk to the Secret Service to store or retrieve passwords.
Architecture Alignment:
Other Information:
...