Citation:

Srinivas Adilapuram, 2022. "A Deep Dive Into SSL Certificate Storage Options: Google Cloud Secret Manager Vs. In-App for Enhanced Security and Scalability", ESP Journal of Engineering & Technology Advancements 2(2): 168-173.

Abstract:

The paper examines the security, scalability, and operational implications of storing SSL certificates within Spring Boot applications compared to storing them in Google Cloud Secret Manager. It explores their implementation processes, strengths, and vulnerabilities. By analyzing performance, security, and cost factors, the research provides insights into selecting the best approach for securing sensitive data, offering recommendations tailored to modern cloud application development.

References:

[1] S. Yao, J. Chen, K. He, R. Du, T. Zhu, and X. Chen, “PBCert: Privacy-Preserving Blockchain-Based Certificate Status Validation Toward Mass Storage Management,” IEEE Access, vol. 7, pp. 6117–6128, 2019, doi: 10.1109/ACCESS.2018.2889898.

[2] J. Vargas, F. Mayorga, D. Guevara, and H. D. Martinez, “Management of SSL Certificates: Through Dynamic Link Libraries,” in Technology Trends, Springer, Cham, 2019, pp. 29–40. doi: 10.1007/978-3-030-05532-5_3.

[3] B. Li et al., “Certificate Transparency in the Wild: Exploring the Reliability of Monitors,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, in CCS ’19. New York, NY, USA: Association for Computing Machinery, Nov. 2019, pp. 2505–2520. doi: 10.1145/3319535.3345653.

[4] J. A. Berkowsky and T. Hayajneh, “Security issues with certificate authorities,” in 2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), Oct. 2017, pp. 449–455. doi: 10.1109/UEMCON.2017.8249081.

[5] A. Alabduljabbar, R. Ma, S. Choi, R. Jang, S. Chen, and D. Mohaisen, “Understanding the Security of Free Content Websites by Analyzing their SSL Certificates: A Comparative Study,” in Proceedings of the 1st Workshop on Cybersecurity and Social Sciences, in CySSS ’22. New York, NY, USA: Association for Computing Machinery, May 2022, pp. 19–25. doi: 10.1145/3494108.3522769.

[6] R. Dastres and M. Soori, “Secure Socket Layer (SSL) in the Network and Web Security,” Int. J. Comput. Inf. Eng., vol. 14, no. 10, pp. 330–333, Nov. 2020.

[7] J. S. Resende, L. Magalhães, A. Brandão, R. Martins, and L. Antunes, “Towards a Modular On-Premise Approach for Data Sharing,” Sensors, vol. 21, no. 17, Art. no. 17, Jan. 2021, doi: 10.3390/s21175805.

[8] A. Gupta, P. Goswami, N. Chaudhary, and R. Bansal, “Deploying an Application using Google Cloud Platform,” in 2020 2nd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA), Mar. 2020, pp. 236–239. doi: 10.1109/ICIMIA48430.2020.9074911.

Keywords:

SSL certificate, Google Cloud Secret Manager, storing certificates within the application, Spring Boot Applications.