TY - GEN
T1 - Custos Secrets
T2 - 2022 Conference on Practice and Experience in Advanced Research Computing: Revolutionary: Computing, Connections, You, PEARC 2022
AU - Ranawaka, Isuru
AU - Goonasekara, Nuwan
AU - Afgan, Enis
AU - Basney, Jim
AU - Marru, Suresh
AU - Pierce, Marlon
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/7/8
Y1 - 2022/7/8
N2 - Custos is open source software that provides user, group, and resource credential management services for science gateways. This paper describes the resource credential, or secrets, management service in Custos that allows science gateways to safely manage security tokens, SSH keys, and passwords on behalf of users. Science gateways such as Galaxy are well-established mechanisms for researchers to access cyberinfrastructure and, increasingly, couple it with other online services, such as user-provided storage or compute resources. To support this use case, science gateways need to operate on behalf of the users to connect, acquire, and release these resources, which are protected by a variety of authentication and access mechanisms. Storing and managing the credentials associated with these access mechanisms must be done using "best of breed" software and established security protocols. The Custos Secrets Service allows science gateways to store and retrieve these credentials using secure protocols and APIs while the data is protected at rest. Here, we provide implementation details for the service, describe the available APIs and SDKs, and discuss integration with Galaxy as a use case.
AB - Custos is open source software that provides user, group, and resource credential management services for science gateways. This paper describes the resource credential, or secrets, management service in Custos that allows science gateways to safely manage security tokens, SSH keys, and passwords on behalf of users. Science gateways such as Galaxy are well-established mechanisms for researchers to access cyberinfrastructure and, increasingly, couple it with other online services, such as user-provided storage or compute resources. To support this use case, science gateways need to operate on behalf of the users to connect, acquire, and release these resources, which are protected by a variety of authentication and access mechanisms. Storing and managing the credentials associated with these access mechanisms must be done using "best of breed" software and established security protocols. The Custos Secrets Service allows science gateways to store and retrieve these credentials using secure protocols and APIs while the data is protected at rest. Here, we provide implementation details for the service, describe the available APIs and SDKs, and discuss integration with Galaxy as a use case.
KW - Galaxy
KW - custos
KW - cyberinfrastructure
KW - cybersecurity
KW - open source software
KW - science gateways
KW - secrets management
UR - http://www.scopus.com/inward/record.url?scp=85135210322&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85135210322&partnerID=8YFLogxK
U2 - 10.1145/3491418.3535177
DO - 10.1145/3491418.3535177
M3 - Conference contribution
AN - SCOPUS:85135210322
T3 - PEARC 2022 Conference Series - Practice and Experience in Advanced Research Computing 2022 - Revolutionary: Computing, Connections, You
BT - PEARC 2022 Conference Series - Practice and Experience in Advanced Research Computing 2022 - Revolutionary
PB - Association for Computing Machinery
Y2 - 10 July 2022 through 14 July 2022
ER -