Secrets at Shopify - Introducing EJSON

This is a continuation of our series describing our evolution of Shopify toward a Docker-powered, containerized data centre. Read the last post in the series here. One of the challenges along the road to containerization has been establishing a way to move application secrets like API keys, database passwords, and so on into the application in a secure way. This post explains our solution, and how you can use it with your own projects.

Burke Libbey
7 min read, intermediate

Overview

This article discusses the introduction of EJSON at Shopify, a library designed to securely manage application secrets in a Docker-powered environment. It addresses the challenges of secret management and outlines the motivation, implementation, and key management processes involved in using EJSON for encrypting sensitive data.

What You'll Learn

1. How to securely manage application secrets using EJSON
2. Why asymmetric encryption is beneficial for secret management
3. When to use Docker for containerized applications

Prerequisites & Requirements

  • Understanding of Docker and containerization concepts
  • Familiarity with command line utilities for encryption (optional)

Key Questions Answered

What are the main challenges in managing application secrets in Docker?
The main challenges include the need for secure provisioning of secrets, the complexity of rotating secrets, and ensuring that decrypted secrets are not exposed in Docker images. The article highlights how these issues were addressed through the implementation of EJSON.
How does EJSON improve secret management compared to previous methods?
EJSON allows for asymmetric encryption, enabling developers to add or rotate secrets without access to the decryption keys. This improves security and simplifies the auditing process, as secrets can be stored in version control with clear change tracking.
What is the process for decrypting secrets at runtime in Docker containers?
During the container initialization process, the secrets are decrypted in-place using a mounted key, which is then unmounted before the application starts. This ensures that the application never has access to the decryption key, enhancing security.
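The two answers above describe an asymmetric workflow (anyone with the public key can add or rotate a secret; only the host holding the private key can decrypt) and a boot-time step (decrypt in place, then take the key away before the application starts). The following Ruby script is an added example written for this page, not Shopify's EJSON code, and it models that workflow with OpenSSL RSA-OAEP in place of EJSON's own NaCl-based scheme. The `ENC[rsa-oaep:...]` value marker, the `generate_keypair`/`encrypt_doc`/`decrypt_doc`/`decrypt_at_boot` names, and the sample document are all constructed for the demo; the one EJSON convention it does follow is that keys beginning with an underscore (such as `_public_key`) are left in plaintext.

```ruby
require "json"
require "openssl"
require "base64"
require "tmpdir"

# Hypothetical marker for encrypted values in this demo; the real EJSON
# wire format is different and is not reproduced here.
ENC_PREFIX = "ENC[rsa-oaep:".freeze
ENC_SUFFIX = "]".freeze

# One keypair per environment. The public key travels with the secrets
# file; the private key exists only on the host that mounts it at boot.
def generate_keypair(bits = 2048)
  priv = OpenSSL::PKey::RSA.new(bits)
  pub = OpenSSL::PKey::RSA.new(priv.public_key.to_pem) # public half only
  [priv, pub]
end

def encrypted?(value)
  value.is_a?(String) && value.start_with?(ENC_PREFIX) && value.end_with?(ENC_SUFFIX)
end

# RSA-OAEP stands in for EJSON's NaCl box. A 2048-bit key carries at most
# 214 bytes of plaintext, so oversize secrets are rejected rather than
# silently truncated.
def encrypt_value(pub, plaintext)
  raise ArgumentError, "secret too long for RSA-OAEP demo" if plaintext.bytesize > 214
  ct = if pub.respond_to?(:encrypt) # openssl gem >= 3.0
         pub.encrypt(plaintext, rsa_padding_mode: "oaep")
       else
         pub.public_encrypt(plaintext, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
       end
  "#{ENC_PREFIX}#{Base64.strict_encode64(ct)}#{ENC_SUFFIX}"
end

def decrypt_value(priv, encoded)
  ct = Base64.strict_decode64(encoded[ENC_PREFIX.length...-ENC_SUFFIX.length])
  if priv.respond_to?(:decrypt)
    priv.decrypt(ct, rsa_padding_mode: "oaep")
  else
    priv.private_decrypt(ct, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  end
end

# Walk the document. Keys beginning with "_" (such as "_public_key") are
# left in plaintext, following EJSON's rule; every other string leaf is
# passed to the block.
def transform(node, &blk)
  case node
  when Hash
    node.each_with_object({}) { |(k, v), out| out[k] = k.start_with?("_") ? v : transform(v, &blk) }
  when Array
    node.map { |v| transform(v, &blk) }
  when String
    blk.call(node)
  else
    node
  end
end

# Public key only: any developer can add or rotate a secret. Values that
# are already encrypted are left alone, so re-running this on a file that
# gained one new plaintext value changes only that value in the diff.
def encrypt_doc(pub, doc)
  transform(doc) { |s| encrypted?(s) ? s : encrypt_value(pub, s) }
end

def decrypt_doc(priv, doc)
  transform(doc) { |s| encrypted?(s) ? decrypt_value(priv, s) : s }
end

# Container-init step: load the mounted key, decrypt the secrets file in
# place, then remove the key (stand-in for unmounting the volume) before
# the application process is started, so the app never sees the key.
def decrypt_at_boot(key_path, secrets_path)
  priv = OpenSSL::PKey::RSA.new(File.read(key_path))
  plain = decrypt_doc(priv, JSON.parse(File.read(secrets_path)))
  File.write(secrets_path, JSON.pretty_generate(plain))
  File.delete(key_path)
  plain
end

# Constructed sample document for the demo.
SAMPLE_DOC = {
  "_public_key" => "demo-key-id", # metadata, stays readable
  "database_password" => "hunter2",
  "api" => { "key" => "abc123", "_comment" => "rotated quarterly" },
}.freeze

if $PROGRAM_NAME == __FILE__
  priv, pub = generate_keypair
  enc = encrypt_doc(pub, SAMPLE_DOC)
  puts JSON.pretty_generate(enc)
  Dir.mktmpdir do |d|
    kp = File.join(d, "key.pem"); sp = File.join(d, "secrets.ejson")
    File.write(kp, priv.to_pem); File.write(sp, JSON.generate(enc))
    puts decrypt_at_boot(kp, sp).inspect
    puts "key still present: #{File.exist?(kp)}"
  end
end
```

Running it prints the encrypted document, the decrypted result after the simulated boot step, and confirms the key file is gone. The check worth carrying into a real deployment is the last one: after initialization, the key must be absent from the filesystem the application can see, and the decrypted file must never be baked into the image.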

Technologies & Tools


  • Library: EJSON. Used for encrypting application secrets securely.
  • Containerization: Docker. Used for deploying applications in a containerized environment.
  • Configuration Management: Chef. Used for provisioning and managing server configurations.

Key Actionable Insights

1. Implement EJSON in your projects to enhance the security of application secrets.
   Using EJSON allows developers to manage secrets securely without exposing sensitive information in Docker images, making it a valuable tool for any containerized application.
2. Adopt asymmetric encryption for managing sensitive data to minimize access risks.
   By allowing developers to add or rotate secrets without providing them with decryption capabilities, you can significantly reduce the risk of credential leaks.
3. Utilize version control for encrypted secrets to facilitate auditing and change tracking.
   Storing EJSON files in a git repository allows for clear visibility into changes made to secrets, aiding compliance and security audits.

Common Pitfalls

1. Failing to securely manage decryption keys can lead to security vulnerabilities.
   It's crucial to ensure that decryption keys are not present in Docker images or accessible by the application to prevent unauthorized access to sensitive data.

Related Concepts

Asymmetric Encryption
Secret Management Best Practices
Container Security