I would say that a new cry.provider is probably best.
You really don't want to do the encryption on individual messages, for
performance reasons; you want to encrypt the file as a whole.
David Lang
On Fri, 17 Apr 2020, Erol Guven via rsyslog wrote:
Date: Fri, 17 Apr 2020 14:47:33 +0100
From: Erol Guven via rsyslog <[email protected]>
To: [email protected]
Cc: Erol Guven <[email protected]>
Subject: [rsyslog] Encrypting logs with AWS KMS Customer Managed Key
We have audit logs that we log to a file. We want to encrypt these audit
log messages. I read that I can use `gcry` in `cry.provider` to encrypt the
messages. However, we would like to use the Customer Managed Keys (CMK) we
defined in the AWS KMS service.

What would you recommend?

The options I thought about are:
1. Develop a new cry.provider like gcry that uses the AWS CMK.
2. Develop a new action type to encrypt individual messages.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog