Publication number: US20240095338A1
Publication date: 2024-03-21
Application number: US17810291
Application date: 2022-06-30
Applicant: Amazon Technologies, Inc.
Inventor: Joshua Benjamin Levinson, Colm MacCarthaigh, Alexander Graf, Iulia-Daniela Doras-Prodan, Petre Eftime
CPC classification number: G06F21/53, G06F9/455, H04L9/0891, G06F2221/2149
Abstract: An instance secrets management isolated runtime environment is launched at a virtualization server, and utilizes a subset of memory assigned to a compute instance. The subset of memory is inaccessible from entities external to the runtime environment. A secrets manager of the runtime environment provides a security artifact to an application, running at the compute instance, which has requested access to a resource. The artifact is generated by the secrets manager using a security secret associated with the compute instance; the secret is not accessible to programs external to the runtime environment. In response to a determination that the artifact is valid, the application obtains access to the resource.