Microsoft Corporation
Access management system with a secret isolation manager

Abstract:

Methods, systems, and computer storage media for providing identification of secrets as one-way secrets in a computing environment. In particular, a secret isolation manager of an access management system in the computing environment can identify an entity as an owner of secrets in a secret storage structure. In operation, the secret isolation manager can receive a request, associated with a requesting entity, to access a secret associated with an approving entity. The request can be for an application of the requesting entity to access a secret of the approving entity. The secret isolation manager accesses the secret storage structure that stores affinity identifiers, where an affinity identifier indicates that the requesting entity has a one-way affinity with the approving entity that owns the secret. The one-way affinity operates to allow the approving entity to share the secret with the requesting entity, so the requesting entity is granted access to the secret.

Status:
Grant
Type:

Utility

Filing date:

5 Nov 2019

Issue date:

7 Jun 2022