Concepts of retrievable secrets
What you should know about retrievable secrets.
A retrievable secret is a ultravisor-managed secret associated with an SEL guest image. It is securely retrievable only by the attested guest instance for which it was provisioned. Secrets are never directly exposed to hypervisors or other guests.
Each secret is identified by a 32-byte identifier bound to a specific SEL guest and type.
You add secrets using add-secret requests. Typically, during boot, the guest submits these add-secret requests to the ultravisor, which releases the corresponding secrets securely.
Tenants must securely store any secrets they plan to use as retrievable secrets. These secrets are needed to regenerate valid add-secret requests when updating or rebuilding SEL images. This is because add-secret requests and Secure Execution headers are cryptographically linked to specific image measurements.
Safeguards
- Secrets are tied to a specific guest identity, preventing reuse or impersonation.
- Add-secret requests must be validated to prevent insertion of malicious or unauthorized requests.
- The ultravisor enforces integrity checks on each add-secret request when it is submitted.