Add Crypto/HSM MKEK Rotation Support (Lightweight)
Currently Barbican has no means to migrate secrets encrypted with a crypto/HSM-style plugin to a new master key encryption key (MKEK) and its associated wrapped project KEKs. This blueprint proposes adding a new Barbican service process that supports completing the rotation process by re-wrapping the project KEKs with the new MKEK. Note that unlike the similarly-named blueprint at https:/
Blueprint information
- Status:
- Complete
- Approver:
- Douglas Mendizábal
- Priority:
- Medium
- Drafter:
- John Wood
- Direction:
- Approved
- Assignee:
- John Vrbanac
- Definition:
- Approved
- Series goal:
- Accepted for liberty
- Implementation:
- Implemented
- Milestone target:
- 1.0.0
- Started by
- Douglas Mendizábal
- Completed by
- Thierry Carrez
Related branches
Related bugs
Sprints
Whiteboard
Was this ever implemented?