-
Publication No.: US20220083643A1
Publication Date: 2022-03-17
Application No.: US17456925
Application Date: 2021-11-30
Inventors: Brian S. LOUNSBERRY, Ashok CHANDRASEKARAN, Chetan S. SHANKAR, Chandan R. REDDY, Chuang WANG, Kahren TEVOSYAN, Mark Eugene RUSSINOVICH, Vyom P. MUNSHI, Pavel ZAKHAROV, Abhishek CHAUHAN
Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service ("SMS") can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously roll over client certificates for authentication of users who access a security-critical service, autonomously roll over storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.
-
Publication No.: US20190286812A1
Publication Date: 2019-09-19
Application No.: US15920832
Application Date: 2018-03-14
Inventors: Brian S. LOUNSBERRY, Ashok CHANDRASEKARAN, Chetan S. SHANKAR, Chandan R. REDDY, Chuang WANG, Kahren TEVOSYAN, Mark Eugene RUSSINOVICH, Vyom P. MUNSHI, Pavel ZAKHAROV, Abhishek Pratap Singh CHAUHAN
Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service ("SMS") can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously roll over client certificates for authentication of users who access a security-critical service, autonomously roll over storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.
-