Automatic secret synchronisation across heterogeneous IT environments

Abstract: Following circumstances such as mergers and acquisitions, the IT systemsassociated with the participating organisations may need to share access towardsservices and systems with eachother. Access towards systems and services is oftencontrolled using secret information such as passwords or keys. This implies thatsharing access between IT systems is achieved by sharing secret information. This thesis proposes new methods for automatic synchronization of secretsbetween different secret management systems that may not be natively compatiblewith one another. After examining how the already existing secret managementsystems function as well as created a data centric threat model, a system design wasproposed. A secret proxy connects to each secret management system which in turnconnects to a central secret distributor that handles and updates the other proxies. The results indicate that such a system can be implemented and securely distributesecrets automatically. By synchronizing secrets automatically, the work involvedwith supporting several secret management systems in parallel which all needaccess to some common secrets could be reduced.