Open

Encrypt data always with latest Key

Related products: Software Factory, Indicium Service Tier
  • May 5, 2023

Arie V
Community Manager

Since TWP 2023.1 it is possible to store different Pool user credentials, provided that data protection settings are configured in Indicium's appsettings.json. The Encrypt/Decrypt process actions provide great potential to secure our own data too. However, the current behavior is rather tricky: Indicium will generate a new Key every 90 days, but in order to decrypt data that is encrypted with an older Key we need to keep all old Keys.

As a result, the Docs contain the below warnings, but these Docs are not necessarily top of mind for IT Operators. Also, 10 years from now we would have 40+ such Keys, some of which are more than 10 years old. That might trigger IT Operators to clean up the Key vaults.

As such, I believe the current setup poses a serious and hard-to-manage risk that old Keys will be lost at some point.

IDEA: every time Indicium triggers creation of a new Key, all Encrypted data must be updated with the new Key and the old Key should automatically be deleted afterwards. 

This will ensure we only need to safeguard the most recent Key and will significantly reduce the risk of lost data.
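The procedure proposed in the post above (re-encrypt all data under the new Key, then delete the old Key), sketched as an added example that is not part of the original post and is not Indicium code. The HMAC-based cipher is a standard-library stand-in for the real data protection API, and the names `rotate`, `keyring` and `store` are hypothetical.

```python
import hashlib, hmac, secrets

# Stand-in authenticated cipher built from HMAC-SHA256 (illustration only);
# a real deployment would call the platform's data protection API instead.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key_id, key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    # Each record carries the id of the key that protects it.
    return {"key_id": key_id, "nonce": nonce, "body": body, "tag": tag}

def decrypt(keyring, rec):
    key = keyring[rec["key_id"]]  # KeyError here is the "lost old Key" failure
    expected = hmac.new(key, b"mac" + rec["nonce"] + rec["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("authentication failed")
    stream = _keystream(key, rec["nonce"], len(rec["body"]))
    return bytes(a ^ b for a, b in zip(rec["body"], stream))

def rotate(keyring, store, new_id):
    """Add a new key, re-encrypt every record under it, then retire older keys."""
    new_key = secrets.token_bytes(32)
    keyring[new_id] = new_key
    staged = {}
    for name, rec in store.items():
        plaintext = decrypt(keyring, rec)
        new_rec = encrypt(new_id, new_key, plaintext)
        if decrypt(keyring, new_rec) != plaintext:  # verify before committing
            raise RuntimeError(f"re-encryption check failed for {name}")
        staged[name] = new_rec
    store.update(staged)  # commit only once every record was re-encrypted
    for old_id in [k for k in keyring if k != new_id]:
        del keyring[old_id]  # old keys go last, after nothing references them
    return new_id

def demo():
    # Constructed sample data: one secret stored under the first key.
    keyring = {"k1": secrets.token_bytes(32)}
    store = {"pool_user": encrypt("k1", keyring["k1"], b"constructed-secret")}
    rotate(keyring, store, "k2")
    return keyring, store
```

If any record cannot be decrypted during rotation, the exception leaves the store and the old keys untouched, so a failed run never deletes a key that data still depends on.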


1 reply

Mark Jongeling
Administrator
NewOpen
