The Secret to Keeping Secrets Secret

The digital world depends on secrets.
In many ways, computers use secrets the same way people use physical keys. Sometimes we even call them "keys." Regardless, we combine secrets and keys with barriers and locks to prevent unwanted access to things we value.
However, there is a catch… control of access also has a transitive property. Because secrets and keys control access to valuable things, they also take on value similar to the things we're protecting. In the digital world, this is amplified by how easily and quickly we can make perfectly accurate copies.
But if we start valuing the secrets, we have to protect the secrets. Do you control access to the secrets by using another secret? How do you avoid the endless chain of secrets controlling access to secrets?

The answer is secrets processing.
You use a trusted mechanism to take in a query that can only be answered by using the secret. If the answer comes back correct, you know the mechanism has access to the secret.
This inverts the usual mental model of locks and keys: instead of taking the key to the lock, you take the lock to the key.
Think of it like handing a lock to a guard at a gate.
The guard goes into the guardhouse on the other side of the gate and uses keys that stay in the guardhouse. If the guard brings you back an open lock, you know they had access to the right key.

The essential pieces of this model are physical separation of the secrets or keys from the public interface, and use of a trusted proxy or intermediary.
The physical separation keeps untrusted people away from the secrets, while the proxy enables you to still open the lock.
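A sketch of the guard-and-guardhouse model described above, added here as an illustration; it is not ankrd's code or design. It assumes an Ed25519 key pair stands in for the secret, and the names `Guardhouse`, `Answer`, `NewChallenge` and `Verify` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Guardhouse holds the private key in an unexported field; it never leaves.
type Guardhouse struct {
	priv ed25519.PrivateKey
}

// NewGuardhouse creates the key pair and hands out only the public half.
func NewGuardhouse() (*Guardhouse, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Guardhouse{priv: priv}, pub, nil
}

// Answer signs the challenge: the "lock" is carried to the key.
func (g *Guardhouse) Answer(challenge []byte) []byte {
	return ed25519.Sign(g.priv, challenge)
}

// NewChallenge returns a fresh random query so old answers cannot be replayed.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify checks the answer using only public information.
func Verify(pub ed25519.PublicKey, challenge, answer []byte) bool {
	return ed25519.Verify(pub, challenge, answer)
}

func main() {
	guard, pub, err := NewGuardhouse()
	if err != nil {
		panic(err)
	}
	c1, _ := NewChallenge()
	c2, _ := NewChallenge()
	a1 := guard.Answer(c1)
	fmt.Println("fresh answer accepted:", Verify(pub, c1, a1))
	fmt.Println("old answer accepted for new challenge:", Verify(pub, c2, a1))
}
```

The caller learns that the guardhouse holds the key without ever seeing it, and an answer recorded for one challenge is useless against the next.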
This is exactly how ankrd protects your secrets.
Don’t keep your secrets where untrusted entities can gain access. Move your secrets - your digital keys, passwords, and credentials - away from the attack surface. Use a provably trusted and transparent proxy to handle your queries.
Get ankrd and keep your secrets secret.
