US 12,210,464 B2
Cache service for providing access to secrets in containerized cloud-computing environment
Bhaskardeep Khaund, Bothell, WA (US); Bo Wu, Albuquerque, NM (US); Andrey A. Lukyanov, Redmond, WA (US); and Nicolae Voicu, Bellevue, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Appl. No. 18/276,427
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
PCT Filed Feb. 8, 2022, PCT No. PCT/US2022/015659
§ 371(c)(1), (2) Date Aug. 8, 2023,
PCT Pub. No. WO2022/170260, PCT Pub. Date Aug. 11, 2022.
Claims priority of application No. 2027514 (NL), filed on Feb. 8, 2021.
Prior Publication US 2024/0111689 A1, Apr. 4, 2024
Int. Cl. G06F 12/12 (2016.01); G06F 12/128 (2016.01)
CPC G06F 12/128 (2013.01) 20 Claims
OG exemplary drawing
 
1. A cloud-computing system, the cloud-computing system comprising:
a first absolute store containing first secrets associated with a first service, wherein the first absolute store enforces a first set of access controls on the first secrets and wherein the first set of access controls authorize the first service to access the first secrets;
a second absolute store containing second secrets associated with a second service, wherein the second absolute store enforces a second set of access controls on the second secrets, wherein the second absolute store is separate from the first absolute store, and wherein the second set of access controls authorize the second service to access the second secrets but do not authorize the first service to access the second secrets;
a cache storage containing copies of the first secrets and the second secrets; and
a first cluster of two or more servers, the first cluster comprising:
a first container comprising the first service, wherein the first container is an isolated environment in the first cluster for running the first service;
a second container comprising the second service, wherein the second container is an isolated environment in the first cluster for running the second service; and
a cache service, wherein the cache service comprises instructions stored in memory that, when executed by one or more processors, cause the cache service to:
receive, from the first service, a first call for the first secrets;
receive, from the second service, a second call for the second secrets;
authenticate the first call based on the first set of access controls;
authenticate the second call based on the second set of access controls;
retrieve, in response to authenticating the first call, the first secrets from the cache storage, wherein the first container is more proximate to the cache storage than to the first absolute store; and
retrieve, in response to authenticating the second call, the second secrets from the cache storage, wherein the second container is more proximate to the cache storage than to the second absolute store.
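The claimed arrangement, modelled as an added example that is not part of the patent or of any Microsoft implementation: two separate absolute stores each carry their own access controls, a single cache storage holds copies of both sets of secrets, and the cluster-local cache service authenticates every call against the owning store's controls before serving from the cache. Store names, service names, secret values and the cache-miss fallback are constructed assumptions.

```python
from dataclasses import dataclass


class AccessDenied(PermissionError):
    """Raised when a caller is not authorized by the owning store's access controls."""


@dataclass
class AbsoluteStore:
    """Authoritative secret store with its own set of access controls."""
    name: str
    secrets: dict[str, str]
    allowed_services: frozenset[str]

    def authorize(self, service: str) -> bool:
        return service in self.allowed_services

    def read(self, key: str) -> str:
        return self.secrets[key]


class CacheService:
    """Cluster-local service that serves cached copies only after re-checking the owner's controls."""

    def __init__(self, stores: list[AbsoluteStore]) -> None:
        self._stores = {s.name: s for s in stores}
        # Cache storage holds copies of every store's secrets; callers never reach a store directly.
        self._cache: dict[tuple[str, str], str] = {
            (s.name, k): v for s in stores for k, v in s.secrets.items()
        }
        self.store_reads = 0  # fallbacks to an absolute store (assumed miss path, not in the claim)
        self.audit: list[tuple[str, str, str, str]] = []  # (caller, store, key, outcome)

    def get_secret(self, caller: str, store_name: str, key: str) -> str:
        store = self._stores[store_name]
        # Per-call authentication: sharing one cache must not weaken the per-store controls.
        if not store.authorize(caller):
            self.audit.append((caller, store_name, key, "denied"))
            raise AccessDenied(f"{caller} is not authorized for {store_name}/{key}")
        try:
            value = self._cache[(store_name, key)]
        except KeyError:
            value = store.read(key)  # assumed: fetch from the authoritative store and cache it
            self._cache[(store_name, key)] = value
            self.store_reads += 1
        self.audit.append((caller, store_name, key, "served"))
        return value


def demo() -> CacheService:
    """Constructed sample: two services whose stores are disjoint but share one cache."""
    return CacheService([
        AbsoluteStore("store-a", {"db-pw": "a-secret"}, frozenset({"service-a"})),
        AbsoluteStore("store-b", {"api-key": "b-secret"}, frozenset({"service-b"})),
    ])
```

The audit list gives the detection hook a defender would want: a denied entry records a service asking for another service's secrets through the shared cache.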