...
- Sensitive information, such as datastore credentials and WiFi passwords, is currently received from the Controller module in clear-text format inside the configuration blob. This sensitive information is exchanged between agents in EVE as-is, through the pubsub channel.
- The sensitive information should be in ciphertext format inside the configuration blob for the EVE node, and a set of APIs will be provided to the agents to decrypt it using the TPM.
- The exchange of sensitive information between the controller and the EVE node should be encrypted end-to-end, including in man-in-the-middle proxy deployments.
- The encryption methodology used to achieve this should also work with third-party CA verification.
...