OpenShift Request For Enhancement / RFE-6407

Rotate database_secret_key in Mirror Registry for OpenShift

    • Feature Request
    • Resolution: Done
    • Quay

      1. Proposed title of this feature request

      Rotate database_secret_key in OMR

      2. What is the nature and description of the request?

      Replace old keys with new ones automatically at regular intervals, maybe with each y-stream update.

      Implement a dual key strategy where both the old key and the new key are valid during a transition period. This allows you to decrypt existing data with the old key while encrypting new data with the new key.

      Implement logic to check which key was used to encrypt existing table entries.

      After ensuring all data is re-encrypted and no longer using the old key, remove it.

      AWS KMS or Azure Key Vault can be used to enable automatic key rotation.

       

      3. Why does the customer need this? (List the business requirements here)

      This reduces the risk of key compromise. It also helps to meet the requirements of various regulations and standards, such as PCI DSS, HIPAA, GDPR, and NIST, that mandate key rotation for data security and privacy. 

      4. List any affected packages or components.

      Mirror registry for OpenShift

              DanielMesser Daniel Messer
              rhn-support-sbhavsar Sayali Bhavsar
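
The dual-key strategy described in section 2 of the request, as an added example (not code from Quay or the mirror registry): each stored value carries the id of the key that encrypted it, so rotation can tell which rows still depend on the old key and retire that key only when none do. The record format, key ids, row names and the standard-library HMAC construction standing in for the product's real cipher are all assumptions made here.

```python
import hashlib, hmac, secrets

# Hypothetical stored format: "<key_id>$<nonce hex>$<ciphertext hex>$<tag hex>".
# The cipher is a stdlib stand-in (HMAC-SHA256 keystream, encrypt-then-MAC) so the
# example runs offline; it is not the encryption the registry actually uses.

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, head):
    # The tag covers the key id too, so a record cannot be relabelled to another key.
    return hmac.new(key, b"mac" + head.encode(), hashlib.sha256).hexdigest()

def encrypt(keyring, key_id, plaintext):
    key, nonce = keyring[key_id], secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    head = f"{key_id}${nonce.hex()}${ct.hex()}"
    return f"{head}${_tag(key, head)}"

def decrypt(keyring, record):
    head, tag = record.rsplit("$", 1)
    key_id, nonce_hex, ct_hex = head.split("$")
    key = keyring[key_id]  # KeyError if the record names a retired key
    if not hmac.compare_digest(_tag(key, head), tag):
        raise ValueError("authentication failed")
    nonce, ct = bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex)
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def rotate(keyring, rows, new_id):
    """Re-encrypt rows not yet under new_id; return key ids no row references."""
    for name, record in rows.items():
        if record.split("$", 1)[0] != new_id:  # which key encrypted this entry?
            rows[name] = encrypt(keyring, new_id, decrypt(keyring, record))
    in_use = {r.split("$", 1)[0] for r in rows.values()}
    return sorted(set(keyring) - in_use)

def demo():
    keyring = {"k1": secrets.token_bytes(32)}          # constructed sample keys
    rows = {"robot_token": encrypt(keyring, "k1", b"constructed-secret-1")}
    keyring["k2"] = secrets.token_bytes(32)            # transition: both keys valid
    rows["mirror_password"] = encrypt(keyring, "k2", b"constructed-secret-2")
    retirable = rotate(keyring, rows, "k2")
    for key_id in retirable:                           # old key removed only now
        del keyring[key_id]
    return keyring, rows, retirable
```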