No Built-In Snapshot/Backup: AWS Nitro Enclaves do not support snapshots or backups due to their design focusing on security and isolation.
Alternative Approaches: To achieve crash resistance, consider storing key material outside the enclave in a secure manner, using redundant enclaves, or integrating with external key management solutions that are not reliant on IAM roles for access.
Hello,
AWS Nitro Enclaves don't support traditional snapshots or backups due to their security design. To meet your crash-resistance and key accessibility requirements:
Redundant Enclaves: Deploy multiple enclaves across different availability zones for fault tolerance. Use Shamir's Secret Sharing for added security.
External Key Storage: Consider using AWS CloudHSM for secure key storage, as it keeps keys out of IAM role governance.
Check this document: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
That's the top-level documentation for Nitro Enclaves. Do you intend to link something more specific?
The issue with CloudHSM is that it doesn't support our signing standards and furthermore, whoever is allowed to use an HSM key is still governed by IAM roles. So, you end up back where you started, as far as we can work out.
Is there a product you would recommend for this? I'm not seeing how to achieve this with AWS HSM or KMS-adjacent services. I also don't know a third-party that would make sense. It generally seems like a very circular problem--unless someone has developed a solution designed specifically for it.
Assuming we are still generating the keys inside the enclave, this approach would rely on some form of encrypted enclave-to-enclave communication of the secrets (or parts of the secrets), right?
In terms of actual availability, how should we reason about risks? Are enclave outages within a given datacenter correlated? Are there some numbers we can look at?
I think if we were to combine this with something like Shamir's secret sharing, we'd be in quite a good spot. But, it is quite a bit to implement. Do you have examples to which you could link of folks who have encountered a similar set of requirements?
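An added example of the split-and-recombine step behind the "redundant enclaves plus Shamir's Secret Sharing" suggestion in the answer above; this is editorial illustration code, not code from this thread, from AWS, or from any Nitro Enclaves SDK. It assumes a prime field built on the Mersenne prime 2^521 - 1 (large enough to hold a 32- or 64-byte key as a single field element), a constructed 32-byte stand-in for a key generated inside the primary enclave, and a 2-of-3 threshold; all three are choices made for the example. It shows a key being split into shares, the primary "crashing" so that only the peers' shares survive, and the key being recovered from those shares, with too few shares rejected.

```python
import secrets
from typing import List, Tuple

# Field modulus: the Mersenne prime 2^521 - 1 (an assumption for this example;
# any prime larger than the secret would do).
PRIME = 2**521 - 1

Share = Tuple[int, int]  # (x, y) point on the secret polynomial


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, shares: int) -> List[Share]:
    """Split `secret` into `shares` points; any `threshold` of them recover it."""
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    # Constant term is the secret; remaining coefficients are uniformly random,
    # so fewer than `threshold` points carry no information about s.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(shares: List[Share], threshold: int, secret_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from at least `threshold` shares."""
    if len(shares) < threshold:
        raise ValueError("not enough shares to reach the threshold")
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = num * (-xj) % PRIME        # product of (0 - x_j)
            den = den * (xi - xj) % PRIME    # product of (x_i - x_j)
        # Modular inverse via Fermat, since PRIME is prime.
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total.to_bytes(secret_len, "big")


def demo() -> bool:
    """Constructed scenario: primary enclave generates a key, splits it 2-of-3,
    hands one share to each of two peer enclaves, then crashes."""
    enclave_key = secrets.token_bytes(32)          # stand-in for an in-enclave key
    shares = split_secret(enclave_key, threshold=2, shares=3)
    surviving = shares[1:]                         # only the peers' shares remain
    recovered = recover_secret(surviving, threshold=2, secret_len=32)
    return recovered == enclave_key


if __name__ == "__main__":
    print("recovered after simulated crash:", demo())
```

The shares are what would travel over the attested, encrypted enclave-to-enclave channel the later comment asks about, and reconstruction should only ever run inside an enclave, so that the whole key never exists on a parent instance.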