Dan Clift
Reputation: 1
Is it possible to perform evelope encryption in CockroachDB?
With Tink and AEAD I can perform envelope encryption in BigQuery. ref: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping https://fuchsia.googlesource.com/third_party/tink/+/refs/tags/v1.4.0/docs/KEY-MANAGEMENT.md#envelope-encryption
In CockroachDB there is an encrypt and encrypt_iv functions but I can't find away to protect the DEK with a KEK stored in a cloud KMS. Is this possible ?
I have read the CockroachDB documentation and also looked into the CockroachDB source code but can not find any help.
Upvotes: 0
Views: 54
Answers (1)
JaneXing1998
Reputation: 21
Customer-Managed Encryption Keys (CMEK) might be the functionality that you are looking for: https://www.cockroachlabs.com/docs/cockroachcloud/cmek
Upvotes: 0
Related Questions
- Spring Boot with KMS
- Fundamental difference between Hashing and Encryption algorithms
- Cannot decommission cockroachdb node
- Does my application "contain encryption"?
- GCP Cloud KMS - custom key, disaster recovery possible?
- Java 256-bit AES Password-Based Encryption
- encryption/decryption with multiple keys