Skip to content

Console Data Storage

Jump to bottom
Mike edited this page May 29, 2024 · 1 revision

Date: 2/14/2024

Status: Proposed

Business Implications

High. The decision addresses security requirements mandated by the business and expected by the customer for securely storing sensitive device information.

Context

One of the requirements that customers have when using Console is that they don't need to enter the AMT credentials every time they want to connect to and manage a device. To serve this requirement, Console will need to store sensitive device information. The storage of this information could have a variety of implementations (local DB, file, network DB service, etc). In understanding how customers will use Console, there are a few use cases that are of high priority.

  1. Console will be used as a stand-alone application. IT administrators will run the application locally on their PC and manage AMT devices over the local network.

  2. Console will be used as a plug-in to a larger device management application. Console would be launched via the device management application UI with device-specific information being passed to Console.

  3. Console will be used as a stand-alone application but can connect to a cloud service to manage AMT devices via a cloud-based MPS.

For this ADR, we'll focus on use case #1 as this is the highest priority use case and is required for our initial release. Future ADRs will address how we handle data storage protection in use cases #2 and #3 if required.

Decision

For the initial release, we have decided to go with a local database that can be integrated into the Console application and supports encryption. We have come to this decision based on the following considerations:

  • Cross-Platform Single Executable Requirement: Go's ability to compile to a single binary that is cross-platform meets our core requirement for Console. By including a local database that can be integrated into Console maintains our goal to deliver a cross-platform single executable.

  • Store Sensitive Information Encrypted: There are a few Go-based database solutions that support encryption (i.e., Badger) that could be used to meet this requirement. Beyond the requirement from the business that we must store sensitive information such as device credentials encrypted, customers also have an expectation that if a malicious user gets a hold of their data file, the information contained in the data file is encrypted.

Subsequent releases of Console may need to include options for not using the local database and instead connecting to a remote database solution such as a networked DB or cloud provider service.

Consequences

  • We satisfy both the business and customer requirements to keep their sensitive data, such as device credentials secure while the data is at rest.
  • We keep the Console application as a single file executable, meeting the requirements of delivering a stand-alone application.
  • We do not prevent an option to later implement a different data storage solution; however, a future different solution will still need to protect the sensitive data while not in use.

Questions Answered

  • Do we need to ship Console with an installer for our initial release?
  • How are we protecting sensitive information such as device credentials?

Console Wiki

ADRs

Clone this wiki locally