Define the strategy to enable sensitive information to be utilized within the application management mechanism #145
Description
Feature description
Goal: Enable application developers to expose sensitive information within the application description and deployment specification.
** Category **
- application description file
- application deployment and management
- Device runtime
Provide adequate technical acceptance criteria(s) associated with this feature below:
- Define how application developers can indicate which parameters are supposed to be protected
- Define how this information is protected during app configuration, transit via the deployment specification, and storage within the device.
Although not required, it is highly encouraged to provide feature use-cases below:
- It needs to be possible to protect any information that should be considered sensitive (credentials, connection strings, keys, etc.), so it needs to be possible to indicate a parameter in the application definition that needs to be treated specially because it contains sensitive information.
- Since this information is sensitve we need to ensure it is not transmitted as plain text so anyone can see the values. Also, only the device that values are indend for should be able to access/use the values to ensure the information is protected from misuse
Additional information
Proposed solution:
- Update the parameters section of the application definition to indicate how to mark a parameter as containing sensitive information
- Update the fleet manager requirements to indicate that these parameters need to be securely handled (e.g, plain text never displayed in the UI)
- Update the desired state requirements to indicate that these sensitive values should not be transmitted unencrypted, and only the device for which the values are intended should be able to use them
- Update the device requirements to indicate how to decrypt and securely use these values when installing the application
associated with feature #129