CPC H04L 9/3213 (2013.01) [H04L 9/0643 (2013.01); H04L 9/085 (2013.01); H04L 9/0866 (2013.01)]
25 Claims

1. A computer-implemented method for managing secrets in an enterprise computing network comprising:
    generating, at a first client device, at least one secrets record;
    generating, at the first client device, an application record and associating the application record with a computing environment in which the secrets are to be used, the application record including an application key;
    encrypting, at the first client device, the at least one secrets record using the application key to generate at least one encrypted secrets record;
    sending, to a server, the at least one encrypted secrets record;
    configuring, at the first client device, a second client device by:
        generating an access token corresponding to the second client device; and
        sending the access token to the second client device via a secondary communications channel,
        wherein the access token is used to associate the second client device to an application using an encrypted application key;
    initializing an interface using the access token at the second client device,
    wherein initializing the interface comprises:
        receiving the access token from the first client device before sending a first-time secrets request at the second client device; and
        installing a toolkit to execute on the second client device using the access token,
        wherein the toolkit comprises software components configured to send requests for secrets records in the server and to receive the secrets records for use in the corresponding computing environment;
    performing, at the second client device, a first-time authentication with the server using the association between the access token and the application key;
    receiving, at the second client device in response to the first-time authentication, the at least one encrypted secrets record from the server and the encrypted application key corresponding to the second client device;
    decrypting the encrypted application key using the access token at the second client device to generate the application key; and
    decrypting the at least one encrypted secrets record using the application key to generate the at least one secrets record for use by the second client device.
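The flow claimed above, walked through end to end as an added example that is not part of the patent and not any product's code: the first client encrypts a secrets record under an application key, wraps that key under a one-time access token, and publishes both to a server that stores ciphertext only; the second client, holding the token from the secondary channel, authenticates once, receives both blobs, unwraps the application key and decrypts the record. Everything not stated in the claim is an assumption of this example: the HMAC-SHA256 counter-mode stream with encrypt-then-MAC stands in for an unspecified cipher (use a real AEAD such as AES-GCM in practice), the challenge-response and the separate server-side verifier sub-key are one way to realise "first-time authentication using the association between the access token and the application key", and the application id and record contents are constructed.

```python
import hashlib
import hmac
import json
import secrets


def _kdf(key: bytes, label: bytes) -> bytes:
    """Derive a labelled sub-key with HMAC-SHA256 used as a PRF."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stand-in for a real cipher)."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Illustrative only; use an AEAD in practice."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(_kdf(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; any tampering is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("secrets record or key blob failed authentication")
    return bytes(c ^ s for c, s in zip(ct, _keystream(_kdf(key, b"enc"), nonce, len(ct))))


class Server:
    """Stores encrypted secrets records and wrapped application keys only (assumed design).
    The per-token verifier is a separate sub-key, so the server can check that a device
    holds the access token without being able to unwrap the application key itself."""

    def __init__(self) -> None:
        self.secrets_by_app: dict[str, bytes] = {}   # app_id -> encrypted secrets record
        self.tokens: dict[str, dict] = {}            # token_id -> wrapped key + verifier
        self.pending_challenges: set[bytes] = set()

    def store_secrets(self, app_id: str, encrypted_record: bytes) -> None:
        self.secrets_by_app[app_id] = encrypted_record

    def register_token(self, token_id: str, app_id: str, wrapped_app_key: bytes, auth_key: bytes) -> None:
        self.tokens[token_id] = {"app_id": app_id, "wrapped": wrapped_app_key,
                                 "auth_key": auth_key, "used": False}

    def challenge(self) -> bytes:
        chal = secrets.token_bytes(16)
        self.pending_challenges.add(chal)
        return chal

    def first_time_auth(self, token_id: str, chal: bytes, proof: bytes) -> tuple[bytes, bytes]:
        """Single use: an unknown or already-consumed token, or a stale challenge, is refused."""
        entry = self.tokens.get(token_id)
        if entry is None or entry["used"] or chal not in self.pending_challenges:
            raise PermissionError("first-time authentication refused")
        self.pending_challenges.discard(chal)
        expected = hmac.new(entry["auth_key"], chal, hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            raise PermissionError("first-time authentication refused")
        entry["used"] = True
        return self.secrets_by_app[entry["app_id"]], entry["wrapped"]


def first_client_setup(server: Server, app_id: str, record: dict) -> bytes:
    """First client: create the application key, encrypt and publish the secrets
    record, and mint a one-time access token for the second device."""
    app_key = secrets.token_bytes(32)
    server.store_secrets(app_id, seal(app_key, json.dumps(record).encode()))
    access_token = secrets.token_bytes(32)
    token_id = hashlib.sha256(access_token).hexdigest()[:16]
    wrapped = seal(_kdf(access_token, b"wrap"), app_key)   # the encrypted application key
    server.register_token(token_id, app_id, wrapped, _kdf(access_token, b"auth"))
    return access_token   # handed to the second device over the secondary channel


def second_client_bootstrap(server: Server, access_token: bytes) -> dict:
    """Second client: prove possession of the token, receive the encrypted record
    plus the wrapped application key, and decrypt both locally."""
    token_id = hashlib.sha256(access_token).hexdigest()[:16]
    chal = server.challenge()
    proof = hmac.new(_kdf(access_token, b"auth"), chal, hashlib.sha256).digest()
    encrypted_record, wrapped = server.first_time_auth(token_id, chal, proof)
    app_key = unseal(_kdf(access_token, b"wrap"), wrapped)
    return json.loads(unseal(app_key, encrypted_record).decode())


if __name__ == "__main__":
    srv = Server()
    token = first_client_setup(srv, "payments-api", {"db_password": "constructed-example"})
    print(second_client_bootstrap(srv, token))
```

Two properties worth checking in any real implementation of this scheme: the server's storage must contain no plaintext secret and no usable application key (here it holds only `seal(...)` output and a verifier sub-key that cannot unwrap), and the access token must be single use, since anyone who intercepts it on the secondary channel before the legitimate device authenticates could otherwise obtain the application key.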