Speaker: Russ Allbery (Stanford University)

Title: Secure Key Management with Wallet

Abstract:

Wallet is a system built on remctl (and hence GSS-API) for managing secure keys and other types of secure data.  It supports flexible ACLs including an extensible ACL system, extensible types of data including customized actions for storing and downloading particular types of keys, and extensive auditing and logging.

The initial test release is targeted at distributing Kerberos keytabs and supports extracting existing keys from a KDC (with a suitably patched kadmin.local) and synchronization with an AFS kaserver.  Subsequent releases will expand the keytab support and add support for other types of secure data (X.509 private keys or key pairs, ssh private keys or key pairs, simple files, and so forth).

This talk will present the overall design, give an overview of the current features, and discuss extensibility and goals for future releases.

Slides: PDF