accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Allen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1021) Provide default key management thats secure
Date Thu, 31 Oct 2013 19:55:20 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13810625#comment-13810625
] 

Michael Allen commented on ACCUMULO-1021:
-----------------------------------------

The work done for ACCUMULO-998 introduced the SecretKeyEncryptionStrategy interface, which
is basically a plug in for key management services for the encryption at rest feature.  If
there needs to be something more substantial than what's there, then yes let's discuss what
that should look like.  

One thing to bear in mind is that while there are a couple of nascent standards out there
for key management ([KMIP|https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip],
for example), there isn't enough traction around it yet to warrant the one-size-fits-all approach
for doing key management.  

> Provide default key management thats secure
> -------------------------------------------
>
>                 Key: ACCUMULO-1021
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1021
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>             Fix For: 1.6.0
>
>
> There are a few tickets to support encrypting data at rest in Accumulo.   Encryption
in a cluster is useless w/o good key management.   Users should have the ability to plug in
their own key managment.  Out of the box Accumulo should provide a plugin for key management
thats secure.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message