►
From YouTube: Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel
Description
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don't miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel
Secrets are a key pillar of K8S security, and K8S 1.10+ enhanced the protection of secrets at-rest in the etcd, with support for an external KMS (via KMS plug-ins), and supporting envelope encryption. However, the secret encryption keys (DEKs/KEK) are in the clear in memory of the K8S Master in the KMS plug-ins (during execution). An attacker with privilege access to k8S master node/host, can read the keys from memory, access secrets, compromising data & k8s cluster. This session proposes a solution (with a quick demo) to add a new KMS plug-in that leverages hardware based TEE (Trusted execution environment – like Intel SGX) to ensure that the keys, and the encryption of the secrets, are protected by the CPU on the master, addressing the threat vector mentioned. It enumerates multiple options for the integration with KMS, articulating the the trade-offs of the approaches.
https://sched.co/UaZ2
A
B
All
right,
can
you
guys
hear
me?
Okay,
all
right
good
morning,
good
afternoon,
pretty
soon
here
before
I
go
too
far.
Let
me
ask
you
a
couple
of
quick
questions.
How
many
of
you
are
dealing
with
a
kms
plug-in
today
to
protect
secrets
with
kubernetes
okay
couple
of
you,
how
many
of
you
heard
the
term
t'ee
before
right,
a
few
okay.
B
We
I'm
gonna
cover
the
first
couple
of
sessions
in
the
parts
of
the
agenda
today
and
I'm,
not
as
bright
as
brave
as
hi
dong
is
he's
actually
gonna
try
to
do
a
demo.
Okay,
I,
don't
know
about
you
guys,
but
security
demos
are
probably
not
the
most
glamorous
ones.
You
know
you
know
you're
hard
to
do
anything
in
security
in
a
big
session
like
this,
but
he's
gonna
try
to
do
a
demo,
okay
and
then
I'm
gonna
come
back
and
talk
about
next
steps,
specifically
what
we
are
trying
to
put
out
into
the
community.
B
B
Everybody
knows
what
secrets
are
in
kubernetes
in
anything
that
is
sensitive,
anything
that
is
credentials
or
keys
or
any
other
key
material
instead
of
making
it
part
of
the
container
images
themselves.
Kubernetes
has
this
wonderful
mechanism
of
secrets
that
you
can
provide
to
the
container
at
runtime:
either
you
provide
them
as
environment
variables,
or
you
can,
you
know
essentially
put
them
as
file
system
mounts
and
mount
them
to
the
container
at
runtime.
The
secrets
themselves
are
stored
in
the
HC
database.
B
The
key
value
store
that
kubernetes
uses,
and
by
default,
the
secrets
in
the
HC
database
are
not
encrypted.
Okay,
they
are
base64
encoded,
which
is
not
encryption.
Okay,
that's
the
default
implementation
in
kubernetes,
I,
think,
starting
with
1.7
or
a
bow
of
kubernetes.
They
added
at
rest
encryption
for
all
the
content,
that's
in
the
HC
database.
Okay,
this
way
somebody
can't
get
a
copy
of
your
Etsy
database
and
walk
away
and
they
get
secrets
of
all
the
workloads
that
are
running
in
those
clusters.
So
these
could
be
usernames
passwords.
These
could
be
account
IDs.
B
It
could
be
any
other
key
material
secrets
that
you
have.
Okay.
There
are
two
kinds
of
encryption
providers
that
kubernetes
has
today.
One
is
called
the
local
encryption
provider
and
the
other
one
is,
you
know
like
what
they
call
the
kms
based
provider
or
the
remote
provider.
So
let's
look
at
the
local
provider
first
right,
I
know.
Typically,
this
is
something
that
is
running
on
the
same
API
server
in
the
cluster.
B
You
know
it
could
be
one
of
the
two
algorithms,
the
CBC
or
GSM,
doesn't
matter
which
one
and
the
keys
are
in
a
llamó
file.
You
know
in
an
environmental
config
file
that
the
API
server
uses.
Okay,
you
see
the
picture
on
the
lower
right
there.
You
know
that's,
typically
what
the
yama
looks
like
and
you
see
a
key
one
and
the
key
value
there.
This
file
is
residing
on
the
same
API
server,
okay,
but
it
mitigates
one
important
threat.
Okay,
things
are
encrypted
using
that
key
in
the
HC
database.
B
So
if
somebody
tried
to
compromise
the
HC
database,
they
won't
get
much
out
of
it
because
things
are
encrypted
in
it.
So
it
definitely
mitigates
that
specific
threat,
but
the
thread
that
it
cannot
mitigate
is
a
host
compromise.
If
somebody
were
to
get
access
to
an
or
the
API
server
host,
they
can
get
access
to
the
Yama
file
that
is
there
and
inside
the
Yama
file
is,
are
the
keys
or
the
keys?
That's
that
is
used
to
encrypt
the
content
in
the
internet.
C
database,
so
I
can
get
a
copy
of
the
HC
database.
B
B
Okay,
so
kubernetes
added
the
next
one,
which
is
called
the
KMS
encryption
provider
where
they
take
the
keys
away
from
the
HC
database.
Okay,
they
use
a
concept
called
envelope
encryption.
How
many
of
you
are
familiar
with
envelope
encryption
awesome
so
for
the
others
very
quickly
envelope.
Encryption
uses
multiple
levels
of
keys.
Okay,
there
is
a
key
called
the
data
encryption
key
that
encrypts
a
piece
of
content.
B
Okay
and
then
there
is
something
called
a
key
encryption
key
that
encrypts
the
data
encryption
key
okay
in
this
in
this
model
in
the
kms
a
encryption
provider
model,
the
key
encryption
key
is
never
stored
in
the
HC
database.
It
is
always
in
a
remote
machine
somewhere
like
a
key
management
server
which
is
backed
up
by
an
HSM
or
something
like
that.
B
So
the
key
encryption
key
is
never
in
the
HC
database,
so
the
secrets
are
encrypted
with
the
data
encryption
key
and
the
data
encryption
key
is
sent
off
to
the
remote
key
management
system
encrypted
with
the
key
encryption
server
there.
The
cipher
text
comes
back
and
it
is
stored,
along
with
the
secret
in
the
Etsy
database.
B
Okay,
so
it
clearly
mitigates
the
two
threats
that
we
talked
about:
the
HC
database
compromised
and
also
the
host
compromised
to
some
degree.
So
let's
look
at
this
thing
a
little
bit
more,
how
it
works
on
the
API
server.
There
is
something
called
a
kms
plugin:
okay,
it
is
AG
RPC
server
that
talks
to
the
API
server
yeah
and
then
the
kms
plug-in
has
the
mechanisms
to
talk
to
the
key
management
system.
That's
on
the
back.
B
So
whenever
you
need
to
encrypt
a
secret,
the
kms
provider
that
is
in
the
API
server
generates
a
data
encryption
key.
It
uses
standards,
open
SSL
type
mechanisms
to
create
the
data
encryption
key
and
it
encrypts
the
secret
with
that
data.
Encryption
key
before
it
writes
that
encrypted
secret
into
the
HC
database.
It
sends
the
data
encryption
key
through
the
plug-in
to
the
remote
kms
machine.
The
data
encryption
key
gets
encrypted
there.
The
block
comes
back
along
with
that
encrypted
secret.
B
So
now,
when
I
have
to
read
a
secret
that
if
the
reverse
process
happens,
okay,
the
kms
plug-in
uploads,
the
blobs,
both
the
blob
for
the
secret
and
the
block
for
the
data
encryption
key
sends
the
data
encryption
T
to
the
kmac.
The
kms
on
the
other
side
gets
that
and
the
data
encryption
key
decrypted
they're
decrypts
the
secret
then
either
gives
it
to
the
container
as
an
environment
variable
or
it
writes
it
into
RAM
FS
and
mounts
it
as
through
a
file
system
mechanism.
B
This
is
how
the
kms
plugin
works.
It
is
being
there
in
kubernetes,
1.10
and
above
and
quite
a
few
people
use
that
in
production,
the
most
typical
kms
people
use
or
the
Hoshi
com1,
for
example-
ok
I'm
not
going
to
go
through.
You
know
the
slides
have
a
bunch
of
flows
on
how
this
thing
happens
in
the
interest
of
time
I'm
going
to
let
this
pass,
you
know
the
slides
are
available
for
you
guys
online.
B
If
you
want
to
look
at
exactly
all
the
the
details,
I'm
gonna
get
to
what
are
the
key
observations
on
the
kms
provider.
Ok
for
every
encrypt
of
the
dek
or
a
decrypt
of
the
dek.
I
have
to
go
to
the
remote
kms
server.
Ok,
in
some
cases,
the
kms
server
is
in
the
same
cloud
environment
there
like
a
cloud
or
kms,
for
example,
but
in
many
cases
for
enterprises
running
in
a
cloud
the
kms
is
in
the
enterprise.
B
Ok,
imagine
the
traffic
every
time
you
have
to
go
to
encrypt
and
decrypt
a
secret
there's
a
lot
of
performance
and
latency
concerns
when
you
have
to
do
that.
Ok,
I,
actually
remember.
Google
GCP
recommends
that
you
use
a
cloud
HSM
and
the
cloud
HSM
has
to
be
closer
to
your
clusters,
the
kubernetes
clusters,
so
that
you
don't
have
this
performance
issues.
B
B
So
if
I
am,
if
I
compromised
a
host
I
can
take
a
snapshot
of
the
memory
of
that
API
server.
I
have
all
the
decays
there
that
are
cached,
then
I
can
get
an
encrypted
HC
database
offline.
Take
my
decays
and
eventually
I
can
get
to
the
secrets
that
you,
okay,
but
the
kms
plugins,
provide
this
caching
mechanism
to
address
the
performance
and
latency
concerns.
B
Okay,
you
can
choose
to
make
the
cache
0,
which
means
that
the
dek
is
an
our
cache,
but
then
the
result
is
you
have
to
go
back
to
the
kms
every
time.
Okay,
so
our
proposal
is:
will
decay
miss
plug-in
that
uses
a
trusted,
execution,
environment
and
I'm
going
to
get
to
in
a
minute
what
that
means
so
that
we
can
address
both
the
concerns?
The
threats
that
I
talked
about,
Etsy
debate,
compromise
host
compromise,
but
also
ad.
Does
the
performance
concerns?
Ok,
so
what's
a
trusted
execution,
environment?
B
Ok,
a
a
trusted
execution
environment,
a
textbook
definition
of
that
is
a
secure
area
in
the
memory
that
is
protected
by
the
processor.
You
know
it.
People
also
use
the
term
on
cliffs
intel
uses
the
term
on
cliffs,
for
it.
Ok
it
that
enclaves
have
Hardware
protection
both
for
the
code
that
runs
in
them
and
the
data
that
is
loaded
in
them.
Ok
and
the
Tees
guarantee
both
the
integrity
and
confidentiality
of
the
code
and
date,
data
that
runs
in
there
and
it
protects
you
from
the
threats
that
we
have
been
talking
about.
B
You
know
a
malicious
admin,
a
compromised
admin
for
example,
or
you
know
it
another
tenant
on
the
hypervisor
that
is
compromised.
They
can't
get
to
what
is
running
inside
this
trusted
execution
environment.
If
the
platform
gets
compromised
completely,
let's
say
the
BIOS
gets
compromised
or
the
host
OS
gets
compromised.
You
still
can't
get
to
this
trusted
excision
environment
because
it's
protected
by
the
CPU
and
it's
a
piece
of
memory
where
the
code
and
data
are
always
protected.
Ok,
you
probably
heard
the
term
confidential
computing.
B
Confidential
computing
spaces
is
built
on
trusted
execution
environments
and
a
good
example
of
a
te
is
from
Intel
called
Intel.
Sgx
secure
got
extensions.
There
are
other
T's
as
well.
There
is
one
from
armed
called
armed
trust
zones
that
I'm
sure
some
of
you
are
familiar
with,
especially
if
you
are
using
an
Apple,
iPhone,
Apple
iPhone
users
arm
trust
owns
as
a
trusted
execution
environment,
and
there
are
quite
a
few
others
as
well,
but
the
one
from
Intel
is
called
Intel
SGX.
B
It
is
been
available
for
a
couple
of
years
now
on
single
socket
machines
and
in
the
next
generation
Intel
hardware
that
is
coming
soon.
You
will
have
SGX
on
multi,
socket
machines
and
broadly
available
across
all
the
vendors
and
on
the
OEM
hardware,
vendors
as
well.
Okay.
So
what
does
the?
How
does
the
concept
work?
Okay,
I,
hope
you
can
see
the
picture
correctly.
Can
you
guys
read
the
picture
okay
from
the
back?
Alright,
so
the
new
kms
plug-in
trusts,
the
de
based
plug-in,
will
still
be
another
GRP
server.
B
Just
like
the
kms
plug-in
is
today.
Okay,
then,
once
you
do
an
attestation
of
the
de
that
Enclave,
we
can
actually
cache
the
key
encryption
key
from
the
key
management
server
into
that
Enclave.
The
picture
that
you
see
there
in
blue
okay.
So
now
you
can
encrypt
and
decrypt
your
secrets
inside
this
Enclave
inside
this
trusted
execution,
environment.
Okay,
you
can
create
your
decays
there.
You
can
send
your
secret
and
get
it
encrypted
or
decrypted
there.
You
never
really
have
to
go
back
to
the
key
management
system
on
the
back.
B
Okay,
of
course,
if
you
want
to
recycle
your
kek,
you
shut
down
the
kms
plug-in
reinitialize
it
it's
going
to
authenticate
itself
to
the
key
management
system
on
the
back,
and
then
it
can
cache
the
KEK.
But
you
have
the
guarantee
from
hardware
that
that
kek
will
never
be
leaked
out
of
the
trusted
execution,
environment.
B
B
B
Just
like
you
do
anything
normal
today,
okay,
so
this
is
the
proposal
that
we
are
bringing
to
the
kubernetes
community
and
we
will
follow
it
up
with
a
with
a
proposal
and
the
reference
code
as
well,
but
before
we
get
to
all
of
that
so
far,
it's
been
only
powerpoints
I'm
going
to
hand
it
over
to
hi
down
to
actually
show
you
a
demo
of
how
all
of
this
looks
like.
Okay
with
that
I
know,.
C
Hello
can
guys
hear
me.
Okay,
all
right!
Thank
you.
Well,
that's
right.
Go
for
the
explanation
of
this
solution.
I
make
my
demo
much
easier
so
so
for
this
demo,
so
I'm
going
to
show
basically
four
scenarios:
okay
is
actually
from
developers
back
is
kind
of
four
milestones,
so
demo
one
is
actually
it's
not
not.
There's
no
divine
revolve.
It's
basically
set
up
the
environment
and
use
the
default
implementation
of
coconuts
to
make
the
system
work.
However,
it
will
use
the
baseline
for
us
to
compare
which
based
demo
to
demo
3,
etc.
C
Ok,
so,
as
you
can
see
for
so
demo,
2
times
3,
where
you
use
the
same
flow,
the
same
architecture
or
just
a
different
madman,
tations
wisdom
with
SX
on
creep,
okay,
so
in
demo
one
we
have
API
server.
You
know
comunist
master
api
server,
talk
to
the
cameras,
plugin
chemist,
passing
we're
going
to
use
open
source
projects
is
called
a
chemist.
Plugin
vault
has
actually
contributed
by
a
very
few
developers
from
Oracle
and
it's
it's
on
github,
so
we
basically
download
right,
compiled
and
set
it
up.
So
we
also
have
a
cameo
server.
C
The
chemist
server
is,
you
know,
is
you
can
cut
it
if
really
as
well
is,
is
about
okay,
so
we
survived
environment.
You
know
to
some
kind
of
investigations
and
then
basically
use
the
the
baseline
okay.
So
for
demo
to
the
difference
of
demo,
to
kappa
wisdom,
one
is
just
like
robust
said:
where
can
we
use
the
T
basically
SGX
to
protect
the
de
case?
So,
as
you
can
see
in
this
picture,
the
blue
box
here
base.
We
add
these
blue
box
into
the
chemists
plucky.
Ok,
this
blue
box
is
implemented
in
SE
X.
C
So,
as
you
know,
for
you
know
for
STX
one,
you
can
basically
write
some
code
and
unclip
will
be
replica
and
this
code
and
the
data
you
said
this
unclear.
It
will
be
pressure
all
the
time
so
for
demo
to
basically
the
solution
is
we're
going
to
cash.
The
decrease
used
to
encrypt
the
secret
inside
unclean
okay.
So
in
that
way,
so
we
don't
rely
on
API
server
to
catch
the
D
key.
C
So
the
dick
is,
however,
the
encryption
still
happens
in
a
chemist,
so
we
still
relies
on
the
chemist,
so
the
flow
is
basically
the
EPS
are
in
case.
You
want
to
store
a
secret,
so
you
call
the
API
server
the
pestle
we're
going
to
a
general
DK.
Then
the
code
could
come
as
plug-in
and
go
to
the
chemist
server
caddy
encrypted.
Then
in
the
middle,
the
chemists
plotting
basically
cached
the
plant
X
T
key
and
they
encrypt
the
D
key
inside
this
unclear.
C
So
next
time,
if
you
want
to
use
this
D
key,
you
know
so
from
API
solar
perspective.
There's
no
modification.
We
just
go
to
chemist,
plug-in
chemist
regime,
basically
just
retrieved
the
plant
X
T
key
from
the
unclear,
so
this
is
demo2
photon,
mu,
3.
The
flow
is
the
same,
however,
but
the
time
was
three
here
basically
is
we
will
bring
in
the
bigge
formulas
with
more
chemists
over
into
this
unclear,
so
the
degree
will
be
provisioning
inside
the
Enclave.
C
So
for
the
most
read
the
whoever
provided
manually
so
in
distance
is
every
time
when
ApS
or
tries
to
store
secret
or
retrieve
secret
is
college
into
chemists
plug-in
and
a
chemist
plug-in,
basically
the
two
and
God.
You
know
the
coincide
unclear
to
inhibited
D
key
or
D
cubed
e
key
everything
happens
locally.
Okay,
so
even
though
I
have
the
chemist
here,
but
it's
actually
not
needed
so
time
move
for
here's.
C
Okay,
however,
you
know
so
this
is
basically
what
we
plan
for
Tamil
for
with
an
outreach
Richard
today
here
so
today,
I'm
going
to
show
you
Tamil
one
two
and
three
okay,
alright,
with
that
I'm
going
to
keep
going
to
oh
by
the
way,
so
so
I'm
quickly
go
through
the
demo
environment.
So
a
ragu
automation
that
you
know
servers
that
support
chemists
as
support
SGX
right
so
in
the
demo,
so
I
actually
use
a
few
knocks.
C
C
Vault,
chemist,
plugins,
is
in
a
way
you
download,
as
I
mentioned
earlier,
is
in
go
line
and
we
developed
this
on
cliff
this
on
cliff.
Actually,
we
have
two
versions:
uncle
II
support,
demo
two
and
demonstrate
one:
is
you
see
the
other
one
see
insist
C
C++?
So,
basically,
you
will
link
the
the
:
code
waste
as
yes,
unclip
core,
so
the
edges
on
creep
ever
here's
to
protect
all
the
decays
and
you
know
in
his
interest
three-way
being
the
key
key.
So
I
have
a
worker
note
here.
C
C
C
C
C
So
I
have
a
window
on
the
left
and
then
a
window
on
the
right
side
window
on
the
left
side.
Basically,
I
would
go
through
each
of
the
window.
Basically,
basically,
that's
you
know
different
demos
for
demo,
one
so
I'll
go
with
stuffed
em
one
first,
okay,
so
demo1
as
you
can
see,
the
I
have
a
script
running
start
ms
plugins
already
up
and
running
so
with
this
so
I'm
going
to
provision
security
into
this
environment
quickly.
C
C
C
C
C
So
let
me
quickly
scroll
you
here,
so
the
chemists
plucking
here
I
will
show
you
a
difference
here.
Chemists
plug-in
server.
So
as
you,
oh
so
sorry,
this
is
actually
shows
the
chemists
plugin
that
we
did
not
modify
at
all.
As
you
can
see,
so
one
more
trial
adheres
it
everything
to
the
several
dynamic
laberd's
over
here.
So
like
three
or
four,
however,
for
this
the
environment
for
timer
to
you
can
basically
see
the
chemists.
C
Plugin
that
I'm
running
right
now
so
you
can
see
there
are
a
bunch
of
more
dynamic
libraries
that
there
are
chemist
plug-in
every
link
in
one
one
you
can
see
is
lib
T.
This
is
the
library
that
hook
up
the
co
language
ways
this
C
implementation
and
also
we
can
see
the
lab
SGX
a
kind
of
fueled,
lib
ICS
here.
This
is
this:
the
libraries
that
helped
application
link
into
the
Enclave
okay.
So,
with
this
I'm
going
to
show
you
the
secret
I'm
going
to
provision
into
the
kapinas
environment.
C
C
So
it
says
successfully
and
then
then
what
I
can
do
here
is
look
at
this
you
did
is
a
database
again.
So,
as
you
can
see,
the
secret
is
is
all
received
here.
So
the
the
context
here
shows
the
three
militants,
because
the
sick,
the
secret
and
the
D
key
are
actually
you
know.
The
D
key
actually
is
still
encrypted
by
the
remote
kms
server.
So
on
the
on
the
left
side,
as
you
can
see,
actually
this
is
just
the
debugging
information
and
print
out
over
here.
So
you
can
see.
C
Actually
is
the
the
screen
keep
rolling
up
you?
This
is
because
the
API
server
is
keep
communicating
with
cameras
plug-in
and
it's
periodically
send
the
pin
eyes.
Actually
can
you
can
have
here?
This
seems
to
in
the
pin
the
chemist
plugging.
Actually
just
you
know
you
treat
it
as
as
a
as
a
D
key
then
use
these
so
from
the
chemist
blocking
perspective
it
really
as
the
D
key
and
then
to
link
whipped
and
then
decryption.
So
everything
happens
actually
successful
over
here.
C
Okay,
so
you
know
the
initial
time
and
gonna
speed
up
a
little
bit.
So
here
I'm
running
the
third
demo
here
again,
so
I
stopped
the
previous
one.
I
run
this
AMS
plug-in
here
this.
As
you
can
see,
this
is
a
key
crypto
testing
environment.
So
basically
here
is
Harrison.
The
encryption
decryption
happens
locally
inside
Enclave.
We
already
provision
key
key
inside
this
on
cliff
okay,
so
sim
step
I'm
going
to
show
here
is.
C
C
Oh,
this
actually
because
I
run
a
demo
earlier,
so
it's
already
in
the
database,
so
I
yeah,
so
that
step
are
the
same.
So
I
think
this
is
the
three
demos
which
I'll
demonstrate
with
three
inches
of
time.
So
I'm
gonna
stop
over
here
and
the
ledger
I'll
go
to
wrap
it
up.
Can
you
switch
to
the
other
okay
sure
so.
D
This
sounds
similar
to
the
TPM
chip
on
a
lot
of
the
windows
and
workstations
we've
worked
with
before,
but
you
said
that
we
have
to
wait
for
the
hardware
for
multi
socket
to
be
available
and
then
those
things
to
get
into
the
cloud
environments
correct
before
we
can
take
advantage
of
this.
So
it
sounds
like
all
you
really
are
looking
for
is
some
help
building
an
abstraction
layer
from
SGX.
D
B
You
know
I,
don't
know
if
I'm
specifically
looking
for
that,
help
that
from
the
community
what
we
are
really
looking
from
the
communities
hey.
This
is
a
new
way
of
protecting
secrets
where
you
are
using
the
hardware
trusted
execution
environments,
okay,
whether
you're
using
Intel
SGX
and
whatever
else
you
are
using,
but
we
want
to
drive
the
community
towards
using
a
trusted
execution
environment
as
a
way
to
protect
secrets
that
way,
the
the
threat
models
that
I
talked
about.
You
know
somebody
compromising
the
hosts
compromising
the
HD
database.
B
B
You
should
have
at
least
one
you
should
have
at
least
the
the
masternode
has
to
have
it:
okay,
not
the
worker
nodes.
Okay,
all
right!
So
just
me,
let
me
wrap
up
in
30
seconds.
Okay,
for
us.
The
next
step
is
the
we
need
to
finish
the
demo
for
The
Enclave
attestation.
That's
a
big
part
to
make
sure
that
kms
knows
that
it
can
release
the
keys.
B
That's
one
thing:
the
second
piece
is:
we
are
in
the
process
of
building
this
the
k
EP,
the
kubernetes
enhancement
proposal,
so
that
we
can
share
that
broadly
with
the
community
to
see
what
this
thing
is,
what
the
proposal
is
what
the
changes
are
required
in
the
API
server
to
make
this
happen,
and
the
third
thing
is,
you
saw
a
quick
and
dirty
demo
from
high
down
on
this,
but
we
want
to
actually
complete
that
as
a
reference
code
put
it
out
in
the
community
so
that
whoever
wants
to
use
it
can
use
it.
Okay.
E
B
C
C
as
GX.
There
are
two
ways
you
program
with
sjx
one:
is
you
refactor
your
application
so
that
the
places
where
the
sensitive
content
is
dot
runs
in
a
non
clip?
Okay,
that's
one
model:
okay,
where
you
have
two
refracted
application.
The
second
model
for
SGX
is
hey
I'm,
going
to
take
my
entire
application,
as
it
is
I'm
going
to
shove
it
into
a
non
clip
using
something
like
a
library
us
underneath
it,
okay,
that
is
like
graphene,
for
example.
B
It's
a
very
good
example
of
taking
your
application
as
it
is
and
shoving
it
into
a
non
clip.
Both
models
are
possible.
Okay,
in
the
first
case
where
you
refactor
your
trusted.
Compute
beasts
is
extremely
small.
You
decide
what
is
important
for
you
and
you
run
that
in
the
unclear
protection
environment.
But
in
the
second
case
you
took
your
application
entirety
and
go
run
it
there.
So
you
increase
your
trusted.
Compute
base
quite
a
bit
either
way
so
either
way
you
can
do
it,
but
it's
the
same
thing:
it's
what
you
are
comfortable
in
doing.
B
That's
all
it
comes
down
to,
but
the
size
of
the
Enclave
is
128.
Meg
today
on
the
single
socket
machines,
but,
like
I,
said
multi
socket
machines
going
forward,
the
size
would
be
significantly
higher.
I
can't,
unfortunately,
tell
you
how
much,
but
it's
going
to
be
significantly
higher,
so
the
opportunity
of
running
applications
directly
is
possible.
F
B
See
the
whole
idea
of
kms
is
that
it
is
sitting
inside
a
trust
zone
of
some
kind.
You
know
it's
in
a
protected
environment,
okay,
the
came
the
kms
itself,
the
kms
is
outside
the
cloud
clusters-
trust
boundary.
If
you
will,
it
is
sitting
somewhere
remotely.
It
is
handled
protected
by
some
other
mechanism.
It's
not
this.
C
B
So
that's
one
part
of
the
answer
right.
The
second
part
of
the
answer
is
there
is
nothing
stopping
from
what
to
use
Enclave
a
trusted
execution
environments
to
do
the
crypto
processing
when
you
send
something
to
wall
for
execution,
for
example,
okay,
there's
a
company
called
photonics
which
builds
what
is
called
a
self
defending
kms
that
uses
as
GX
as
a
way
to
do.
Processing
of
all
requests
that
come
to
that
kms.
But.