公开(公告)号：US20230246845A1

公开(公告)日：2023-08-03

申请号：US17649513

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Matthew Schechtman ,  Taher Elgamal

IPC: H04L9/32 ,  G06F21/60 ,  H04L9/08

CPC classification number: H04L9/3247 ,  G06F21/602 ,  H04L9/0894

Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.

公开(公告)号：US11997215B2

公开(公告)日：2024-05-28

申请号：US17649513

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Matthew Schechtman ,  Taher Elgamal

IPC: G06F21/60 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L9/3247 ,  G06F21/602 ,  H04L9/0894

Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.