This post on Securing Java Application Data for Cloud Computing offers a good introduction to using a Java KeyStore for securing encrypted data in the cloud. It neglects, however, to answer the fundamental question, as noted in one of the comments: how would you protect the keystore password on the cloud?
We are designing a SAAS web application in the AWS public cloud, which will have many end users (scaling to millions). All user data will be encrypted on a per-user basis with standard encryption. The password-protected encryption keys will be stored on a remote secure keyserver, which requires an API secret key to access. This has essentially the same problem noted in the question above, with the keyserver API secret key being directly comparable to the keystore password: how would you protect the keyserver API secret key on the cloud?
Note that our web application needs access to this secret key so that it can obtain per-user keys for encrypting and decrypting the user data. We are using AES-256 symmetric encryption, but the fundamental problem remains even for a PKI solution, as you still need to secure the private key. Note also that we could use a keystore instead of a remote keyserver, but this just reduces to the previous question and again the fundamental problem remains.
Some further constraints:
- Storing the secret on the remote secure keyserver is impossible, obviously, since it is used to access that keyserver.
- Storing the secret on the cloud filesystem is insecure, since the main point is to keep the secret from being accessible to anyone who breaches the cloud filesystem. (If the cloud filesystem were perfectly secure, we would not need to encrypt the data there.) Also, given that cloud resources are expected go down and need restarting, relying on the cloud to hold the secret is unreliable.
- Storing the secret in the code is unacceptable, for many reasons including: version control, plain-text storage, reverse engineering, key rotation, etc. See also Should a closed source website keep a secret key in its source?.
- Storing the secret in an HSM is impractical, since we cannot attach one to a virtual cloud server. See also Storage of 'secrets', keystores, HSMs and the rest.
- Storing the secret outside the cloud for remote loading by the application is also problematic: we are looking for a purely cloud-based approach to avoid having any internal servers to maintain; network reliability is not guaranteed; authenticating the cloud server's request for secret on the internal server has its own issues; etc.
- Any manual interaction should be minimized, since we want servers to start and restart as automatically as possible to reduce any downtime or human errors. My guess is that manual interaction may be necessary.
So, what is the best practice for storing a secret on the cloud? How should a web app load such a secret? I would be particularly interested in a Java solution, but this is a general problem in any language.