Description
Is there an existing issue for this?
- I have searched the existing issues
Reference Issues
No response
Problem
Disarming an authority instance within Nebula relies on embedding disarm key shares directly into configuration files. This approach introduces several security and operational challenges:
- It requires hard-coding sensitive key material, increasing the risk of accidental disclosure, theft, or misuse. As organizations scale or rotate keys, maintaining and updating these embedded secrets becomes labor-intensive and prone to human error.
- Relying on static, file-based configurations limits the system’s ability to dynamically adapt to changing environments and complicates cloud-native deployments.
Describe the solution you'd like
This feature request proposes integrating Nebula's authority disarming process with a trusted Key Management Service (KMS) for secure, automated key retrieval – mirroring the "auto unsealing" capabilities popularized by HashiCorp Vault.
Instead of embedding disarm key shares directly into configuration files, the authority would be configured to securely fetch and decrypt these shares at runtime, utilizing a KMS such as AWS KMS or GCP KMS. Access to these keys would be governed by robust IAM policies and role-based access controls, ensuring that disarm operations can only be performed by authorized entities.
Additional context
No response