Rapid7, Inc.
Machine scanning system with distributed credential storage

Last updated:

Abstract:

Systems and methods are disclosed to implement a machine scanning system that stores machine access credentials in a distributed fashion in a pool of scanner nodes. In embodiments, a storage manager node is selected from the pool to manage the storage of each new credential. The storage manager partitions the credential into portions and distributes the portions among the nodes, which may store the portions under different encryptions. A credential storage metadata is updated to indicate portion assignments and also distributed. At scanning time, the node selected to perform the scan uses the credential storage metadata to gather the portions and reconstruct the credential. In embodiments, the portions may be assigned so that no single node holds all portions of the credential, and at least two nodes hold each portion. Advantageously, the disclosed storage scheme enhances the security and availability of access credentials used by the machine scanning system.

Status:
Grant
Type:

Utility

Filling date:

14 May 2020

Issue date:

4 Jan 2022