Abstract:
Some small and medium enterprises embed their encryption keys and other software secrets
directly in the source code for applications that use them, thereby introducing the risk of exposing
the secrets. Today, there are multiple systems for managing keys. However, it can be hard to pick
a suitable one. The objectives of the study were to identify available key management systems for
securing secrets in software, evaluate their suitability for use by small and medium businesses
based on various attributes, and recommend a best practice for configuring the most suitable system
for managing software secrets. The study identified key management systems that were
compared against a set of requirements created from a small and medium business perspective.
The systems that fulfilled the requirements were implemented and comprehensively evaluated
through SWOT analyses based on various attributes. The systems were then scored and compared
against one another based on these attributes. A summary best-practice guide for the most
suitable key management system was established. During the study, a total of 15 key management
systems with various features and purposes were identified. Out of these 15 systems, five key
management systems were comprehensively compared. These were Pinterest Knox, HashiCorp
Vault, Square Keywhiz, OpenStack Barbican, and CyberArk Conjur. Out of these five, HashiCorp
Vault was deemed to be the most suitable system for small and medium enterprises in Africa.