Nutanix, Inc.
KEY MANAGERS FOR DISTRIBUTED COMPUTING SYSTEMS USING KEY SHARING TECHNIQUES

Abstract:

Examples described herein may provide local key managers on computing nodes of distributed computing systems. The local key managers may protect secrets (e.g. cryptographic keys) in the distributed system such that risk of compromise is reduced or eliminated. The local key managers may utilize a master key to protect secrets. The master key may be protected by generating multiple key shares using a key sharing technique (e.g., Shamir's secret sharing). The multiple key shares may be stored on different nodes in the distributed computing system. In some examples, secure processors, such as trusted platform modules (TPMs), may be incorporated in computing nodes of distributed computing systems described herein. The secure processor may aid in securely protecting cryptographic keys in the event of disk or node theft, for example.