Details
Type: Feature Request
Resolution: Unresolved
Priority: Major
Version: 27.0.0.Final
Description
Section 15.1.2 of the WildFly Elytron Security guide describes secret-key-credential-store, saying:
This is a simple credential store implementation which can only be used to store SecretKey instances. This credential store also does not offer any protection of the contents. Within an application server environment it is always possible to get into a cycle of how is an initial secret provided to unlock further resources, this is primarily the purpose of this credential store.
These days, most computers have a Trusted Platform Module (TPM) which could alleviate this problem. If the initial secret were encrypted using a TPM, then even if an attacker can read any file from disk, they still cannot decrypt any secrets, since they would need to be able to send commands to the TPM in order to do that.
I've built a custom credential store that does this, but it would be nice if this capability were baked into WildFly. I can't offer you the entire project since some of it depends on other internal projects, but I can offer the most important parts, particularly the part that interacts with the TPM. That is accomplished using Microsoft's TSS.Java library, which only depends on JNA (technically also BouncyCastle but that is not needed in this case).
As for testing, the swtpm package is available in recent versions of Debian/Ubuntu, and there are some containers for it available on Docker Hub. So that can be used to simulate a TPM if a real one is not available. However, I discovered that swtpm implements a lot of optional parts of the TPM spec, and some real TPMs don't, so you still have to be careful about what TPM commands you use.
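To make the TPM-wrapping idea concrete, here is an added example (not the reporter's code and not part of WildFly) that seals a credential-store master secret to the TPM's owner-hierarchy storage key with TSS.Java and unseals it again. It assumes the TSS.Java API as shown in Microsoft's sample code (class and constructor shapes should be checked against the installed version), a TPM reachable at /dev/tpm0, and no PCR policy on the sealed object.

```java
import tss.Tpm;
import tss.TpmDeviceLinux;
import tss.tpm.*;

// Added example: seal/unseal a secret with TSS.Java. The sealed blobs (outPrivate,
// outPublic) can be written to disk next to the credential store; reading them off
// disk is useless without sending Load+Unseal to this specific TPM.
public class TpmSealedSecret {
    // Primary RSA storage key under the owner hierarchy. A fixed template with no
    // unique data means the TPM derives the same key from its seed on every boot,
    // so the blobs sealed today still load tomorrow.
    static TPM_HANDLE createPrimary(Tpm tpm) {
        TPMT_PUBLIC template = new TPMT_PUBLIC(TPM_ALG_ID.SHA256,
            new TPMA_OBJECT(TPMA_OBJECT.decrypt, TPMA_OBJECT.restricted,
                TPMA_OBJECT.fixedTPM, TPMA_OBJECT.fixedParent,
                TPMA_OBJECT.sensitiveDataOrigin, TPMA_OBJECT.userWithAuth),
            new byte[0],
            new TPMS_RSA_PARMS(new TPMT_SYM_DEF_OBJECT(TPM_ALG_ID.AES, 128, TPM_ALG_ID.CFB),
                new TPMS_NULL_ASYM_SCHEME(), 2048, 0),
            new TPM2B_PUBLIC_KEY_RSA());
        CreatePrimaryResponse r = tpm.CreatePrimary(TPM_HANDLE.from(TPM_RH.OWNER),
            new TPMS_SENSITIVE_CREATE(new byte[0], new byte[0]),
            template, new byte[0], new TPMS_PCR_SELECTION[0]);
        return r.handle;
    }

    // Seal: the secret goes into the sensitive area of a keyedhash object. Only the
    // wrapped blobs leave the TPM; fixedTPM/fixedParent stop them being duplicated.
    static CreateResponse seal(Tpm tpm, TPM_HANDLE parent, byte[] secret) {
        TPMT_PUBLIC sealTemplate = new TPMT_PUBLIC(TPM_ALG_ID.SHA256,
            new TPMA_OBJECT(TPMA_OBJECT.fixedTPM, TPMA_OBJECT.fixedParent, TPMA_OBJECT.userWithAuth),
            new byte[0],
            new TPMS_KEYEDHASH_PARMS(new TPMS_NULL_SCHEME_KEYEDHASH()),
            new TPM2B_DIGEST_KEYEDHASH());
        return tpm.Create(parent, new TPMS_SENSITIVE_CREATE(new byte[0], secret),
            sealTemplate, new byte[0], new TPMS_PCR_SELECTION[0]);
    }

    // Unseal: load the blobs under the same primary, ask the TPM for the plaintext,
    // and flush the transient object so it does not exhaust TPM object slots.
    static byte[] unseal(Tpm tpm, TPM_HANDLE parent, TPM2B_PRIVATE priv, TPMT_PUBLIC pub) {
        TPM_HANDLE h = tpm.Load(parent, priv, pub);
        try { return tpm.Unseal(h); } finally { tpm.FlushContext(h); }
    }

    public static void main(String[] args) {
        Tpm tpm = new Tpm();
        tpm._setDevice(new TpmDeviceLinux());   // assumption: /dev/tpm0 is present
        TPM_HANDLE primary = createPrimary(tpm);
        CreateResponse sealed = seal(tpm, primary, "constructed-store-secret".getBytes());
        byte[] back = unseal(tpm, primary, sealed.outPrivate, sealed.outPublic);
        tpm.FlushContext(primary);
        System.out.println(new String(back));
    }
}
```

In a real credential-store implementation the unsealed bytes would feed the store's key rather than be printed, and a PCR policy on the sealed object would additionally tie unsealing to a known boot state.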