ADR-0004: SPIKE Keeper Minimalist Design Approach

• Status: accepted
• Date: 2024-11-03
• Tags: Security, Redundancy, Availability

Context

SPIKE Keeper serves as a critical component in our system’s key management infrastructure, working alongside SPIKE Nexus. We need to establish clear design principles for SPIKE Keeper to ensure it fulfills its role effectively and reliably.

Key considerations:

• SPIKE Keeper co-exists with SPIKE Nexus on the same machine/node (this restriction can be removed if we further secure the communication between SPIKE Keeper and SPIKE Nexus with double encryption)
• It serves as a recovery mechanism for SPIKE Nexus crashes
• System reliability is crucial for key management
• Service complexity often correlates with failure rates

Decision

We will implement SPIKE Keeper following a strict minimalist design philosophy:

• Core Functionality:

  • Single responsibility: maintain root key in memory
  • No additional features beyond key retention
  • Minimal API surface area

• Implementation Constraints:

  • No optional or “nice-to-have” features
  • No additional endpoints unless absolutely necessary for core function
  • Resist feature creep and scope expansion
  • Avoid unnecessary dependencies

Consequences

Positive

• Reduced points of failure
• Easier to maintain and debug
• Lower resource consumption
• Faster startup time
• Simplified testing
• Higher reliability due to reduced complexity
• Clear and focused code base
• Easier security auditing
• Reduced attack surface

Negative

• May need to reject potentially useful features
• Could require additional services for new functionality
• Might seem limited compared to full-featured alternatives
• May face pressure to add features over time

Implementation Guidelines

Code Organization

• Keep codebase small and focused
• Implement only essential error handling
• Minimize external dependencies

Feature Evaluation Criteria

• Is it essential for key retention?
• Is it required for recovery scenarios?
• Can it be handled by another service?

Performance Considerations

• Optimize for memory usage
• Keep startup time minimal
• Maintain low CPU footprint

Monitoring Guidelines

• Focus on essential metrics only:
  • Memory usage
  • Key presence
  • Basic health checks
• Avoid complex monitoring implementations

References

• Unix philosophy of doing one thing well
• Microservice design principles
• KISS (Keep It Simple, Stupid) principle

Notes

• Future feature requests should be evaluated against this ADR’s principles.
• Any deviation from the minimalist approach requires strong justification and possibly a new ADR.

• ADR-0021: SPIKE Keeper as a Stateless Shard Holder
• ADR-0020: Switch to Zola for Documentation System
• ADR-0019: Plugin-Based Storage Backend Architecture
• ADR-0018: Administrative Access to SPIKE
• ADR-0017: Synchronous Persistence for SPIKE Secrets Store
• ADR-0016: Memory-First Secrets Store
• ADR-0015: Use Singular Form for File and Package Naming
• ADR-0014: Maintaining SQLite as SPIKE’s Primary Storage Backend
• ADR-0013: S3-Compatible Storage as SPIKE’s Backing Store
• ADR-0012: HTTP Methods for SPIKE API
• ADR-0011: PostgreSQL as SPIKE’s Backing Store
• ADR-0010: Session Token Storage Strategy for SPIKE Nexus
• ADR-0009: Multi-Administrator Support System
• ADR-0008: Administrative Access Control System
• ADR-0007: Root Key Lifecycle and Management Strategy
• ADR-0006: Trust Boundary Definition and Security Assumptions
• ADR-0005: Use SPIFFE mTLS for Inter-Component Authentication and Communication
• ADR-0004: SPIKE Keeper Minimalist Design Approach
• ADR-0003: Root Key Management and Storage Strategy
• ADR-0002: Use Docsify for Documentation System
• ADR-0001: Display Secrets in Plain Text in SPIKE Pilot Admin CLI

• SPIKE System Overview
• SPIKE Security Model
• SPIKE Architectural Decision Records