How secure is Apigee X KVM store

I have been using the KVM store for easy access to some of the credentials we use. I wanted to check whether using KVM suffices for the requirement of keeping the values secure.

1. Are KVM maps encrypted by default if no parameter is passed in the management API call during creation?

2. How can we compare Secret Manager and KVM Store in terms of security from an Apigee proxy's perspective?

3. Is it possible by any method other than a KVM policy to read the values in KVM?

@dchiesa1 @API-Evangelist 


Happy New Year.

The choice depends on your specific security requirements and the sensitivity of the data you need to store, as well as access control, auditing, and rotation policies. Speak to your security office for better guidance, and maybe follow your standard API security guidance.

1. Are KVM maps encrypted by default if no parameter is passed in the management API call during creation?

As per the documentation, these are encrypted.

https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps#aboutencrypted

2. How can we compare Secret Manager and KVM Store in terms of security from an Apigee proxy's perspective?

There will be slight differences, as Apigee KVM uses Cloud KMS, so there may be a slight difference in the encryption algorithm specific to Apigee when compared with Secret Manager, access controls, auditing, rotation. But it depends

3. Is it possible by any method other than a KVM policy to read the values in KVM?

Via APIs.

https://cloud.google.com/apigee/docs/api-platform/cache/key-value-maps#api

Happy new year.

2. Do we have any insight into how susceptible Apigee KVM is to an attack compared to Secret Manager? I would like to know why someone should select Secret Manager over the KVM store to store secrets used in Apigee. I know that Secret Manager allows key rotation and access control by permissions or roles. But will there be any reason to use Secret Manager if a static value is being stored and no other system needs to read the value?

3. The APIs do not allow reading a KVM value, only deleting or creating one. Please correct me if I am wrong.