Abstract: A system may include a processing device and a memory storing instructions that, when executed by the processing device, causes the processing device to obtain a health check instruction that is specific to a name of a service that is associated with one or more endpoints, including performing a lookup with the name to obtain the health check instruction that is specific to the name. The processing device performs the one or more actions of the health check instruction to determine a health status of the one or more endpoints, and stores the health status of the one or more endpoints. In response to receiving a request to resolve the name from a client, the processing device returns the one or more endpoints based at least on the health status of the one or more endpoints.

Abstract: A data platform provides for encryption of secrets. During operation, an application of the data platform receives a secret and communicates the secret to an encryption client of the data platform. The encryption client generates an encrypted secret using a Data Encryption Key (DEK) and the secret. The encryption client communicates the DEK to an encryption server of the data platform while retaining the encrypted secret. The encryption server generates an encrypted DEK using a Transit Encryption Key TEK. The encryption server communicates the encrypted DEK to the encryption client and the encryption client generates a binary large object (blob) using the retained encrypted secret and the encrypted DEK. The application stores the blob on a data storage device.

Abstract: A system may include a processing device and a memory storing instructions that, when executed by the processing device, causes the processing device to obtain a health check instruction that is specific to a name of a service that is associated with one or more endpoints, including performing a lookup with the name to obtain the health check instruction that is specific to the name. The processing device performs the one or more actions of the health check instruction to determine a health status of the one or more endpoints, and stores the health status of the one or more endpoints. In response to receiving a request to resolve the name from a client, the processing device returns the one or more endpoints based at least on the health status of the one or more endpoints.

Abstract: A data platform provides for encryption of secrets. During operation, an application of the data platform receives a secret and communicates the secret to an encryption client of the data platform. The encryption client generates an encrypted secret using a Data Encryption Key (DEK) and the secret. The encryption client communicates the DEK to an encryption server of the data platform while retaining the encrypted secret. The encryption server generates an encrypted DEK using a Transit Encryption Key TEK. The encryption server communicates the encrypted DEK to the encryption client and the encryption client generates a binary large object (blob) using the retained encrypted secret and the encrypted DEK. The application stores the blob on a data storage device.

Abstract: A system may include a processing device and a memory storing instructions that, when executed by the processing device, causes the processing device to discover one or more endpoints of a service in view of a name that is unique to the service. In response to receiving a request to resolve the name from a client, the processing device may obtain the one or more endpoints of that service in view of the name. The processing device may filter the one or more endpoints, in view of the name and return the one or more endpoints which are filtered, to the client.

Abstract: A system may include a processing device and a memory storing instructions that, when executed by the processing device, causes the processing device to discover one or more endpoints of a service in view of a name that is unique to the service. In response to receiving a request to resolve the name from a client, the processing device may obtain the one or more endpoints of that service in view of the name. The processing device may filter the one or more endpoints, in view of the name and return the one or more endpoints which are filtered, to the client.

Abstract: A system may include a processing device and a memory storing instructions that, when executed by the processing device, causes the processing device to discover one or more endpoints of a service in view of a name that is unique to the service. In response to receiving a request to resolve the name from a client, the processing device may obtain the one or more endpoints of that service in view of the name. The processing device may filter the one or more endpoints, in view of the name and return the one or more endpoints which are filtered, to the client.

Abstract: The present disclosure provides a system for securely maintaining data, wherein the customer has full visibility over all access to that data. In particular, the present disclosure provides for a multi-tenant cloud computing region operated jointly by a cloud platform provider and a local third-party partner. The multi-tenant region includes an isolated region and a non-isolated region, wherein the isolated region includes a proxy controlling access to the isolated region. Defined parameters are stored at the proxy and used to determine whether access to the isolated region should be granted. When requests are granted, credentials encrypted with a regional key are issued to the requester, and the access may be monitored and/or recorded.