App Deployment Flow
In the deployment step, the app owner deploys their application into MSE. Basically:
- Send the code and the configuration
- Allocate the resource and spawn the app
- Check the trustworthiness of their service
The deployment breaks down into two stages:
- The first one consists in interacting with the Cosmian MSE backend by sending the code and the configuration
- The second one consists in interacting directly with the spawned MSE node
When you use mse deploy, these two stages are merged into this single subcommand.
Let’s describe in more detail what happens when the app owner uses:
Stage 1: code encryption when dispatching
In stage 1, because the TLS connection between the app owner and Cosmian is managed by Cosmian and because the app owner wants to protect their code from Cosmian, the code is sent to Cosmian encrypted with a key known only to the app owner.
The cryptography specifications are explained here.
All the scenarios proceed this way.
MSE instance verification
Between stage 1 and stage 2, the app owner should verify the MSE app, that is to say:
- check that the code is running inside an enclave
- check that this enclave belongs to Cosmian
- check that the code is exactly theirs
If not, the app owner shouldn’t proceed with stage 2 (mse deploy won’t proceed). Stage 2 consists in sending the secret data, which can be done only if we are sure the TLS connection is trusted.
This stage is skipped when deploying using
For more details about this step, read security.
Stage 2: secret data configuration
At this point, the app owner has sent their encrypted code to the MSE node and trusts it. Before the application can start, the MSE node needs several extra secret parameters:
- The key to decrypt the code
- The private key of the SSL certificate if the TLS connection of the app is managed by the app owner (scenario #2)
Both these parameters are sent straight to the MSE node using the dedicated TLS connection managed by the enclave. Therefore, only the MSE app can decrypt the app code previously sent.
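The gate between instance verification and stage 2, as an added Python sketch (not Cosmian's code or the mse CLI): the secrets message is built only if the three checks pass and the TLS certificate matches the verified evidence. The Evidence fields, the SHA-256 digests and the function names are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Evidence:
    """Hypothetical, simplified view of what an MSE node proves (assumed fields)."""
    in_enclave: bool       # the app runs inside an enclave
    enclave_owner: str     # who the enclave belongs to
    code_digest: str       # digest of the code loaded in the node
    tls_cert_digest: str   # digest of the TLS certificate managed by the enclave

def verify_instance(ev: Evidence, sent_code: bytes, owner: str = "Cosmian") -> list:
    """Run the three checks; return the failures (empty list means verified)."""
    failures = []
    if not ev.in_enclave:
        failures.append("code is not running inside an enclave")
    if ev.enclave_owner != owner:
        failures.append("enclave does not belong to " + owner)
    if not hmac.compare_digest(ev.code_digest, digest(sent_code)):
        failures.append("code is not exactly what was dispatched")
    return failures

def stage2_payload(ev, sent_code, presented_cert, code_key, tls_private_key=None):
    """Build the stage 2 secrets message, or raise if anything is untrusted."""
    failures = verify_instance(ev, sent_code)
    # Assumption: trusting the TLS connection means the certificate presented
    # in stage 2 is the one the verified evidence vouches for.
    if not hmac.compare_digest(ev.tls_cert_digest, digest(presented_cert)):
        failures.append("TLS certificate is not the one bound to the evidence")
    if failures:
        raise PermissionError("stage 2 refused: " + "; ".join(failures))
    payload = {"code_key": code_key.hex()}
    if tls_private_key is not None:   # only when the app owner manages TLS (scenario #2)
        payload["tls_private_key"] = tls_private_key
    return payload

# Constructed sample data, for illustration only.
SENT_CODE = b"constructed encrypted code bundle"
NODE_CERT = b"constructed enclave TLS certificate"
GOOD = Evidence(True, "Cosmian", digest(SENT_CODE), digest(NODE_CERT))
TAMPERED = Evidence(True, "Cosmian", digest(b"other code"), digest(NODE_CERT))

if __name__ == "__main__":
    print(stage2_payload(GOOD, SENT_CODE, NODE_CERT, b"\x01" * 32))
```

With TAMPERED evidence, or with a certificate other than NODE_CERT, stage2_payload raises instead of returning the decryption key.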
Start the application
The app owner code is decrypted and started.
The TLS connection used is described in the next paragraph.