Update to Credhub encryption to use Key Encryption Key (KEK) protocol scheme


ebastian@...
 

Hi everyone,


The Credhub team is proposing a change to the current encryption scheme. 

Changing the current encryption scheme from Data Encryption Key (DEK) to Key Encryption Key (KEK) would allow for:

  • increased Credhub security posture 

  • simplification of Credhub encryption key rotation

  • integration with third-party KMS vendors with a data size limit


Details of the change can be found here.


Please feel free to share your thoughts and concerns and reach out with any questions!


Thanks,

The Credhub Team

 


Mike Lloyd <mike@...>
 

Credhub team,

 

What does the migration plan for this feature look like? Is the migration from key types a non-breaking change, or will it require all new deployments and keys?

 

Thanks,

 

Mike.

 

From: cf-dev@... <cf-dev@...> On Behalf Of ebastian via Lists.Cloudfoundry.Org
Sent: Thursday, October 3, 2019 2:59 PM
To: cf-dev@...
Subject: [cf-dev] Update to Credhub encryption to use Key Encryption Key (KEK) protocol scheme

 

Hi everyone,

 

The Credhub team is proposing a change to the current encryption scheme. 

Changing the current encryption scheme from Data Encryption Key (DEK) to Key Encryption Key (KEK) would allow for:

  • increased Credhub security posture
  • simplification of Credhub encryption key rotation
  • integration with third-party KMS vendors with a data size limit

 

Details of the change can be found here.

 

Please feel free to share your thoughts and concerns and reach out with any questions!

 

Thanks,

The Credhub Team