Update to Credhub encryption to use Key Encryption Key (KEK) protocol scheme

Home Messages Hashtags Subgroups

ebastian@... #8734 Hi everyone, The Credhub team is proposing a change to the current encryption scheme. Changing the current encryption scheme from Data Encryption Key (DEK) to Key Encryption Key (KEK) would allow for: increased Credhub security posture simplification of Credhub encryption key rotation integration with third-party KMS vendors with a data size limit Details of the change can be found here. Please feel free to share your thoughts and concerns and reach out with any questions! Thanks, The Credhub Team
More All Messages By This Member

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.