
Any chance they documented that setup publicly? Would be interested to dive into how all that works and gain any new insights.


It's a large company that built their own bespoke internal credentials service running over a TCP port to the application with another proprietary protocol to push key material to hosts.

Can't say much more due to NDAs.

Edit: this service handles credentials and rotation for hundreds of thousands to millions of hosts.


!

Wild.

I guess with custom protocols there’s not much that can be learned from that setup. Presumably wrap the request in security, handshake to verify authority, use the custom protocol to deliver the secret which is also wrapped in security.

Too bad they keep it close to the vest, but I certainly don’t begrudge them for it.


I mean the same company built a service with better architecture that they sell as part of their managed computing environment options.

Some people complain about not wanting to use it due to "lock-in."



