Abstract: The techniques discussed herein relate to providing a highly available and reliable secret distribution infrastructure. In an implementation, a key master service (KMS) system is disclosed. The KMS system includes one or more computer readable storage media having program instructions stored thereon which, when executed by one or more processing systems, direct the one or more processing systems to identify a hydration event and, responsive to the hydration event, determine if other KMS systems are running in a secret distribution infrastructure. The program instructions, when executed by one or more processing systems, further direct the KMS system to hydrate the KMS system with secret information obtained from the one or more of the other KMS systems when the other KMS systems are running in the secret distribution infrastructure.

Abstract: The techniques discussed herein relate to providing fault tolerant automatic secret rotation for secrets maintained in a secret distribution infrastructure. In an implementation, an apparatus includes one or more computer readable storage media and a secret rotation service including program instructions stored on the one or more computer readable storage media. The program instructions, when executed by one or more processing systems of a key master service (KMS) system, direct the one or more processing systems to rotate one or more secrets being served by the KMS system and provide other components of the secret distribution infrastructure with rotation information identifying the one or more secrets. The instructions, when executed, further direct the one or more processing system to validate that the one or more secrets have been rotated at the other components of the secret distribution infrastructure and, once validated, publish the rotation information to a metadata storage service.

Abstract: The techniques discussed herein relate to providing a highly available and reliable secret distribution infrastructure. In an implementation, a key master service (KMS) system is disclosed. The KMS system includes one or more computer readable storage media having program instructions stored thereon which, when executed by one or more processing systems, direct the one or more processing systems to identify a hydration event and, responsive to the hydration event, determine if other KMS systems are running in a secret distribution infrastructure. The program instructions, when executed by one or more processing systems, further direct the KMS system to hydrate the KMS system with secret information obtained from the one or more of the other KMS systems when the other KMS systems are running in the secret distribution infrastructure.