Hacker News

qznc, today at 10:51 AM (1 reply)

We use proprietary tools (QNX compiler, Coverity static analysis, ...) and those require access to a license server which requires some secret.

I don't really understand what you mean by "secure enclave style"? How would that be different?

Replies

amluto, today at 11:29 AM

With a secure enclave or an HSM, there's a secret, but the users do not have access to the secret. So, if you have a workflow that needs to, say, sign with a given private key, you would get an API that signs for you. If you need to open a TLS connection with a client certificate, you get a proxy that authenticates for you.

I suppose I would make an exception for license keys. Those have minimal blast radii if they leak.
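A minimal illustration of the pattern amluto describes, added here as an example and not code from the thread: the private key exists only inside a signing service (a stand-in for the enclave or HSM), callers such as a CI job get a Sign API and the public key, and no method ever returns the key. The `SigningService` type, the caller name and the audit log are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SigningService stands in for the enclave/HSM side: it owns the private key
// and never hands it out. Callers only ever see Sign and PublicKey.
type SigningService struct {
	priv ed25519.PrivateKey // never returned by any method
	pub  ed25519.PublicKey
	log  []string // constructed stand-in for the HSM's audit trail
}

// NewSigningService generates the key pair inside the service, so the
// private half never exists on the caller's side.
func NewSigningService() (*SigningService, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningService{priv: priv, pub: pub}, nil
}

// Sign is the only operation exposed to a workflow: message in, signature out.
// The caller name is recorded so that every use of the key is attributable.
func (s *SigningService) Sign(caller string, msg []byte) ([]byte, error) {
	if len(msg) == 0 {
		return nil, errors.New("refusing to sign an empty message")
	}
	s.log = append(s.log, fmt.Sprintf("%s signed %d bytes", caller, len(msg)))
	return ed25519.Sign(s.priv, msg), nil
}

// PublicKey is safe to hand out; it is all a verifier needs.
func (s *SigningService) PublicKey() ed25519.PublicKey { return s.pub }

// AuditLog returns what has been signed and by whom.
func (s *SigningService) AuditLog() []string { return s.log }

// Verify is what a downstream consumer does with only the public key.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	svc, _ := NewSigningService()
	sig, _ := svc.Sign("ci-job-42", []byte("artifact digest"))
	fmt.Println(Verify(svc.PublicKey(), []byte("artifact digest"), sig))
}
```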
