Abstract: A system can receive, from a remote computer, request data that identifies a request associated with a user account for credentials that are configured to access a computing resource, wherein the request data comprises a concealed value, and wherein the concealed value comprises a deployment public key that is concealed with an ephemeral secret key. The system can unlock the concealed value using a vendor secret key corresponding to the user account, to produce an unlocked concealed value. The system can send the unlocked concealed value to the remote computer, enabling the remote computer to determine a data encryption key based on processing the unlocked concealed value using the ephemeral secret key, enabling the remote computer to decrypt encrypted break-glass credentials using the data encryption key to produce break-glass credentials, and enabling the remote computer to access the computing resource using the break-glass credentials.

Abstract: Facilitating the generation of ephemeral credentials and verification thereof within a distributed storage system is provided herein. Based on a request for ephemeral credentials from a first account client to a first node of a first storage instance of a distributed system, generating the ephemeral credential comprising a session token and a secret session key for the first account client by a method that derives the secret session key using a first account private key and a first storage instance public key. This session token along with a signature generated using the secret session key of the ephemeral credential is subsequently used to make further requests to a second node of a second storage instance of the distributed system where the secret session key is independently derived using information in the request and the previously shared first account private key to verify the signature in the request.

Abstract: Facilitating the generation of ephemeral credentials and verification thereof within a distributed storage system is provided herein. Based on a request for ephemeral credentials from a first account client to a first node of a first storage instance of a distributed system, generating the ephemeral credential comprising a session token and a secret session key for the first account client by a method that derives the secret session key using a first account private key and a first storage instance public key. This session token along with a signature generated using the secret session key of the ephemeral credential is subsequently used to make further requests to a second node of a second storage instance of the distributed system where the secret session key is independently derived using information in the request and the previously shared first account private key to verify the signature in the request.