Update to Credhub encryption to use Key Encryption Key (KEK) protocol scheme

ebastian@...
 

Hi everyone,


The Credhub team is proposing a change to the current encryption scheme. 

Changing the current encryption scheme from Data Encryption Key (DEK) to Key Encryption Key (KEK) would allow for:

  • increased Credhub security posture

  • simplification of Credhub encryption key rotation

  • integration with third-party KMS vendors with a data size limit


Details of the change can be found here.


Please feel free to share your thoughts and concerns and reach out with any questions!


Thanks,

The Credhub Team

 
