You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Support encrypting keys stored in the key value store:
use a configurable secret for en/decryption
think of migrating existing keys, or;
add config flavour for this and support through key-roll
This can help against some issues where a backup ends up in the wrong hands. But only if the encrypting secret is secure. So, probably only really adds value if that would be in some HSM device.
The text was updated successfully, but these errors were encountered:
Support encrypting keys stored in the key value store:
This can help against some issues where a backup ends up in the wrong hands. But only if the encrypting secret is secure. So, probably only really adds value if that would be in some HSM device.
The text was updated successfully, but these errors were encountered: