...
- Sensitive information, such as datastore credentials, WiFi passwords, etc., is in clear-text format inside the configuration blob received from the controller module. This sensitive information is exchanged between agents in EVE as-is, through the pubsub channel.
- The sensitive information should be in ciphertext format inside the configuration blob for the EVE node. A set of APIs will be provided to the EVE agents to decrypt it using the TPM.
- The sensitive information exchange between the controller and the EVE node should be encrypted end-to-end, including in man-in-the-middle proxy deployments.
- The encryption methodology used to achieve this should also work with third-party CA verification.
...