Rapid7, Inc.
Machine scanning system with distributed credential storage
Abstract:
Systems and methods are disclosed to implement a machine scanning system that stores machine access credentials in a distributed fashion in a pool of scanner nodes. In embodiments, a storage manager node is selected from the pool to manage the storage of each new credential. The storage manager partitions the credential into portions and distributes the portions among the nodes, which may store the portions under different encryptions. Credential storage metadata is updated to indicate the portion assignments and is also distributed. At scanning time, the node selected to perform the scan uses the credential storage metadata to gather the portions and reconstruct the credential. In embodiments, the portions may be assigned so that no single node holds all portions of the credential, and at least two nodes hold each portion. Advantageously, the disclosed storage scheme enhances the security and availability of access credentials used by the machine scanning system.
Utility
14 May 2020
4 Jan 2022
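The placement rule in the abstract (no single node holds every portion, at least two nodes hold each portion) can be checked mechanically. The sketch below is an added example, not code from the patent or from Rapid7: the contiguous slicing, the round-robin placement and every function name are assumptions, and the per-node encryption of stored portions is omitted.

```python
# Added illustration, not the patent's implementation. Slicing scheme,
# round-robin placement and all names are assumptions.

def partition(credential: bytes, k: int) -> list[bytes]:
    """Split into k contiguous portions whose sizes differ by at most 1."""
    q, r = divmod(len(credential), k)
    bounds = [i * q + min(i, r) for i in range(k + 1)]
    return [credential[bounds[i]:bounds[i + 1]] for i in range(k)]

def check_invariants(meta: dict[int, list[str]]) -> None:
    """Each portion on >= 2 distinct nodes; no node holds every portion."""
    held: dict[str, set[int]] = {}
    for idx, holders in meta.items():
        if len(set(holders)) < 2:
            raise ValueError(f"portion {idx} has fewer than two holders")
        for node in holders:
            held.setdefault(node, set()).add(idx)
    for node, idxs in held.items():
        if len(idxs) == len(meta):
            raise ValueError(f"{node} would hold the whole credential")

def assign(nodes: list[str], k: int, replicas: int = 2) -> dict[int, list[str]]:
    """Build the storage metadata: portion index -> holder nodes."""
    n = len(nodes)
    if n < 2 or k < 2:
        raise ValueError("need at least two nodes and two portions")
    meta = {i: [nodes[(i + j) % n] for j in range(replicas)] for i in range(k)}
    check_invariants(meta)  # reject placements that break the rule
    return meta

def distribute(credential: bytes, nodes: list[str], k: int, replicas: int = 2):
    """Storage-manager step: partition, place, return (metadata, node stores)."""
    meta = assign(nodes, k, replicas)
    stores: dict[str, dict[int, bytes]] = {node: {} for node in nodes}
    for idx, part in enumerate(partition(credential, k)):
        for node in meta[idx]:
            stores[node][idx] = part
    return meta, stores

def reconstruct(meta, stores, offline=frozenset()) -> bytes:
    """Scan-time step: fetch each portion from the first reachable holder."""
    parts = []
    for idx in sorted(meta):
        holder = next((n for n in meta[idx] if n not in offline), None)
        if holder is None:
            raise LookupError(f"portion {idx} unavailable: all holders offline")
        parts.append(stores[holder][idx])
    return b"".join(parts)
```

With four nodes and three portions, any single node can be offline and the credential is still recoverable, while a three-node, two-portion round-robin placement is rejected because the middle node would hold both portions.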