US 12,462,054 B2
Data protection implemented by container lifecycle hooks
Yi Yuan, Beijing (CN); Lu Lu, Beijing (CN); and Xiao Hu He, Beijing (CN)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Jun. 7, 2023, as Appl. No. 18/330,499.
Prior Publication US 2024/0411909 A1, Dec. 12, 2024
Int. Cl. G06F 21/54 (2013.01); G06F 21/53 (2013.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01); G06F 21/71 (2013.01); H04L 9/14 (2006.01)
CPC G06F 21/6218 (2013.01) [G06F 21/602 (2013.01); G06F 21/606 (2013.01)]
18 Claims

1. A computer-implemented method, comprising:
creating, by one or more processors, a first container before an application container is ready for running, wherein the first container is configured to receive a first key from a key management device, obtain first encrypted data for the application container from a storage device, decrypt the first encrypted data using the first key to obtain first decrypted data, and mount the first decrypted data into the application container, wherein the first decrypted data is present and stored only within a temporary file space of the application container, and wherein the first key is accessible only in the first container, and wherein the first key is removed from the first container after the decryption of the first encrypted data;
exiting, by one or more processors, the first container; and
switching, by one or more processors, the application container to ready for running.
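
One way the sequence in claim 1 could be laid out, as an added example that is not taken from the patent: it assumes Kubernetes, with an init container playing the "first container" and a memory-backed emptyDir as the temporary file space. All names, images and URLs are hypothetical, the cipher choice is an assumption, and authentication to the key management endpoint is left out.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-decrypt-init            # hypothetical name
spec:
  securityContext:
    runAsUser: 10001                     # same UID in both containers so umask 077 still lets the app read
  volumes:
    - name: plaintext
      emptyDir:
        medium: Memory                   # tmpfs: decrypted data stays in RAM and is gone when the pod is removed
        sizeLimit: 64Mi
  initContainers:
    - name: decrypt                      # the claim's "first container"
      image: registry.example/decrypt-init:1.0        # hypothetical image providing sh, curl and openssl
      env:
        - name: KMS_URL
          value: https://kms.example/v1/keys/app-data    # hypothetical key management endpoint
        - name: BLOB_URL
          value: https://storage.example/app/config.enc  # hypothetical encrypted object
      command: ["/bin/sh", "-ec"]        # -e: any failed step fails the init container, so the app never starts
      args:
        - |
          umask 077
          # The key is held only in this shell's memory; it is never written to the shared volume.
          KEY="$(curl -fsS "$KMS_URL")"
          curl -fsS "$BLOB_URL" -o /tmp/config.enc
          # Cipher and key derivation are assumptions; the key is passed on stdin, not on the command line.
          printf '%s\n' "$KEY" | openssl enc -d -aes-256-cbc -pbkdf2 -pass stdin \
            -in /tmp/config.enc -out /work/config
          unset KEY                      # drop the key before the container exits
          rm -f /tmp/config.enc
      volumeMounts:
        - name: plaintext
          mountPath: /work
  containers:
    - name: app                          # started only after the init container has exited successfully
      image: registry.example/app:1.0    # hypothetical application image
      volumeMounts:
        - name: plaintext
          mountPath: /run/app-data
          readOnly: true                 # the application sees the plaintext but never the key
```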