Matrix is an operating system designed for the next era of cloud and internet of things. Its primary objective is to orchestrate massive distributed infrastructure so that they become self-healing, self-organising, and self-adaptable. The Matrix OS is comprised of 5 subsystems that interact in a feedback loop: Forge, Emergence, Overwatch, Adaptation, Convergence.
Human understandable visualisation of complex infrastructure, and recommendation system for optimising Matrix.
Machine learning applied to optimise the cost, performance and reliability of highly availability infrastructure.
Online infrastructure telemetry that captures what, when and why an event happens.
Decentralised self-organising orchestration system for scheduling container applications and allocating computational resources.
Type-safe language and ecosystem of tools for distributed infrastructure development, testing and composition.
We're currently in pre-alpha development, so here is where we report our progress.
Polykey answers the following problems:
- How to automatically deploy software which relies on external API keys?
- How to manage key updates while there are online applications using and depending on those keys?
- How to ensure the security of the keys at-rest or during transit?
- How to revoke access keys?
- How to only pass keys that are strictly relevant for the application? (Principle of Least Privilege)
- How to backup keys?
The first Polykey prototype will be released in 2019.
How it works
Polykey is based on “keynodes”, which is a single file containing a set of secrets that can be stored anywhere. Each secret can be shared to another keynode. Sharing can be either push-based or pull-based (just like Git), and this is done via public key cryptography.
A network of keynodes can represent a delivery mechanism for updating secrets. The computation required for dealing with secrets such as cryptographic calculations or network transmissions is distinct from where the secrets are stored. Furthermore, read-only computations only require read-only access.
Since keynodes are just files, they are completely self-hosted and self-contained. You can be sure that your secrets are encrypted at-rest and during transit.
Keynodes are constructed using standard Unix formats: tar archives, git repositories, GnuPG encryption, Unix hardlinks, and just Plain Text. You do not need to launch a service or bind to some network to share secrets. Secrets can simply be acquired using a command line program, or directly accessed via a standard library that understands Unix file formats. This makes the Polykey keynode format very flexible and amenable to automation.