Hello Igniters!
Nikolay has almost finished the PR review. Does anyone else want to look at
the changes? [1]
I implemented master key change management through Java API and JMX. I
created the issue [2] to implement change through control.sh that I
will do after the first one is merged.
[1] https://github.co
Hello, Nikita.
Thank you.
I will take a look shortly.
Thu, 17 Oct 2019 at 18:23, Maxim Muzafarov:
> Nikita,
>
> > Can we include it into a 2.8 release scope?
> I think it is possible since the release scope freeze date has not
> happened yet.
>
> On Thu, 17 Oct 2019 at 17:36, Nikita Amelche
Nikita,
> Can we include it into a 2.8 release scope?
I think it is possible since the release scope freeze date has not happened yet.
On Thu, 17 Oct 2019 at 17:36, Nikita Amelchev wrote:
>
> Hi, Igniters!
>
> I have implemented the master key change process [1] for TDE as
> described in the des
Hi, Igniters!
I have implemented the master key change process [1] for TDE as
described in the design [2].
I have prepared PR [3] and created the Upsource review branch [4].
Could anyone take a look at my changes?
Can we include it into a 2.8 release scope?
[1] https://issues.apache.org/jira/b
Hello, Nikita.
> A node creates the ChangeMasterKeyMessage message and sends it by discovery as
> a custom event.
> The goal is to verify that all nodes have the same master key.
...
> The ChangeMasterKeyFinishMessage action message is sent by discovery as a
> custom event.
> New master key id.
Nikolay,
you are right in many ways. I updated the design on the wiki. [1]
[1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=95652381
Fri, 20 Sep 2019 at 13:49, Nikolay Izhikov:
>
> Nikita
>
> > I suggested the implementation where the encryption manager is
> > responsible
Nikita
> I suggested the implementation where the encryption manager is
> responsible for storing the master key id.
I don't think it's a right proposal.
1. EncryptionSpi implementation becomes more complicated. Developer of it
should be aware of Ignite deployment scenarios, etc.
Imagine imple
Nikolay,
because I suggested the implementation where the encryption manager is
responsible for storing the master key id.
To implement this logic in the EncryptionSpi, we will need to
introduce methods that look like this:
setMasterKeyId(String masterKeyId) // Sets "current" master key id
String
Why do we need "defaultMasterKeyId" instead of *current* master key id that can
be obtained with `KeystoreEncryptionSpi#getMasterKeyName()`?
On Fri, 20/09/2019 at 12:56 +0300, Nikita Amelchev wrote:
> Nikolay,
>
> Thanks for the proposal, I like it.
>
> The GridEncryptionManager will control the p
Nikolay,
Thanks for the proposal, I like it.
The GridEncryptionManager will control the process of master key
rotation, so we should provide him master key id at startup. Seems we
should get it from some configuration for encryption.
I suggest just adding the String defaultMasterKeyId() method i
Hello, Nikita
> IgniteConfiguration: New methods will be added to the IgniteConfiguration:
> public IgniteConfiguration setEncryptionMasterKeyId(String masterKeyId) -
> sets master key id.
> public String getEncryptionMasterKeyId()
We don't need it in the IgniteConfiguration.
As you may know, w
Nikolay, thanks for participating.
I have supplemented the design and clarified these points. [1]
[1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=95652381
Wed, 18 Sep 2019 at 16:48, Nikolay Izhikov:
>
> Hello, Nikita.
>
> Thanks for starting this discussion.
>
> 1. We sho
Hello, Nikita.
Thanks for starting this discussion.
1. We should add prerequisites for "master key rotation process" in design.
Seems, it should be, "New master key available to EncryptionSPI for each server
node".
2. Please, use code formatting in wiki. It makes reading easier.
3. Please, cl
Hi, Igniters.
I'm going to implement the ability to rotate the master encryption key
(TDE Phase 2). [1]
Master key rotation is required in case it is compromised or at the end
of the crypto period (key validity period). I prepared the design. [2]
In brief, master keys will be identified by String mast