Introduction
User Guide
Administration Guide
- Lifecycle Management CLI
- Creating an Environment
- Restoring from Backup
- Deleting an Environment
- Monitoring
- Managing Blacklist/Whitelist
- Audit Logging
Authentication
Architecture
- Infrastructure Overview
- REST API
- High Availability
- Security Features
- Files in S3
- Alternative Solutions
Contributing
What Is Cerberus
Cerberus solves a common problem encountered when running cloud applications: how to safely store and manage secrets (e.g. database passwords, API keys, etc.).
Background
At Nike, we have a complex environment with many different applications, technology stacks, AWS accounts, and teams. Cerberus was developed in this environment to increase agility and decrease risk by securely managing secrets, like passwords and API keys, as well as non-sensitive dynamic run-time properties, such as feature flags and logging levels.
Overview
- Uses the AWS Encryption SDK and KMS to manage the actual encryption at rest.
- Operationalized for AWS including a CLI, Cloud Formation templates, edge security, and IAM integration.
- Exposes all functionality via a REST API for easy integration.
- Includes a Dashboard, a self-service Web UI, where teams can manage properties and access control.
- Provides client libraries (e.g. Java, Node, Ruby) that can be used by Cloud applications (EC2 or Lambda) to retrieve properties at run-time.
Cerberus is a cloud native system that relies heavily on AWS infrastructure. It would take significant work to enable it in other environments.
What Cerberus is NOT
Cerberus is designed for storing application secrets such as passwords, API keys, and certificates. It is not meant to be a general purpose Key/Value store for storing any kind of data. It is not a replacement for data stores like Cassandra, DynamoDB, or Redis.