Abstract: A cache service provides applications in a containerized, multi-tenant cloud-computing system low-latency access to secrets. The cache service may operate as a cluster-level service or a sidecar service. The cache service may store copies of secrets (which are located in one or more absolute stores) in a cache storage. The cache service and the cache storage may be closer to the applications than the one or more absolute stores are to the applications. The cache service may aggregate secrets associated with multiple entities in a single cache storage. The cache service may support isolation between secrets such that secrets of a first entity are isolated from secrets of a second entity. The cache service may enforce granulated access controls such that it can apply different access controls to secrets of a first entity than to secrets of a second entity.

Abstract: A cache service provides applications in a containerized, multi-tenant cloud-computing system low-latency access to secrets. The cache service may operate as a cluster-level service or a sidecar service. The cache service may store copies of secrets (which are located in one or more absolute stores) in a cache storage. The cache service and the cache storage may be closer to the applications than the one or more absolute stores are to the applications. The cache service may aggregate secrets associated with multiple entities in a single cache storage. The cache service may support isolation between secrets such that secrets of a first entity are isolated from secrets of a second entity. The cache service may enforce granulated access controls such that it can apply different access controls to secrets of a first entity than to secrets of a second entity.

Abstract: An orchestration engine intermittently scans secrets, of different secret types, to identify secrets that are to be rotated. The orchestration engine calls an application programming interface (API) exposed by a serverless management system and wakes up the serverless management system. The serverless management system generates a new secret, stores the new secret for rotation, and interacts with a dependent system in order to revoke an old secret and implement the new secret. Once the secret is rotated, and the new secret is implemented, the orchestration engine stores the new secret in a secret store.

Abstract: A cache service provides applications in a containerized, multi-tenant cloud-computing system low-latency access to secrets. The cache service may operate as a cluster-level service or a sidecar service. The cache service may store copies of secrets (which are located in one or more absolute stores) in a cache storage. The cache service and the cache storage may be closer to the applications than the one or more absolute stores are to the applications. The cache service may aggregate secrets associated with multiple entities in a single cache storage. The cache service may support isolation between secrets such that secrets of a first entity are isolated from secrets of a second entity. The cache service may enforce granulated access controls such that it can apply different access controls to secrets of a first entity than to secrets of a second entity.

Abstract: An orchestration engine intermittently scans secrets, of different secret types, to identify secrets that are to be rotated. The orchestration engine calls an application programming interface (API) exposed by a serverless management system and wakes up the serverless management system. The serverless management system generates a new secret, stores the new secret for rotation, and interacts with a dependent system in order to revoke an old secret and implement the new secret. Once the secret is rotated, and the new secret is implemented, the orchestration engine stores the new secret in a secret store.