Open hspostalli opened 3 years ago
Hi @hspostalli, thanks for filing this issue.
I wonder whether pykmip server can be used to encrypt any database ( e.g KMS database).
It depends on what you're envisioning here. The server is already a form of key management system. Are you referring to a different type of system, or a specific version or product?
An i also want to learn what are the reasons you don't recommend the PyKMIP server for production use ? You noticed one of hem is insecure db file. İs there any solution to make the file be secure ?
There are several reasons why the server shouldn't be used for production use. There are a couple of other past issues on GitHub here that mention this as well. I'm not going to go into much detail but the gist of it is the server isn't currently optimized for large scale use. Its data isn't stored in as secure a manner as production would require, at the individual table field or overall database level. The server does not integrate with third-party/external authentication systems, meaning you cannot hook it into your enterprise LDAP/Kerberos backends and must manage separate PKI credentials to use it.
There are other more granular reasons but the ones I listed suffice.
Hi @PeterHamilton ,
Yes, i am referring to a different system. Suppose that i have a sqlite database which supports KMIP. I want to encrypt that db using PyKMIP tools. Is there any possibility for that.
Hi @PeterHamilton
Is there any progress ?
Suppose that i have a sqlite database which supports KMIP. I want to encrypt that db using PyKMIP tools. Is there any possibility for that.
No, this isn't supported. PyKMIP has its own bespoke database schema. It creates a new SQLite database when the server first starts up and uses it until the backing file is destroyed (or the server configuration changes and points to a new backing file). There is no way to take an existing SQLite database (with a non-PyKMIP schema) and run PyKMIP off of it.
If you have keys or other binary data stored in your database, you could export each data item and store it in the PyKMIP server one-by-one using the PyKMIP client. But that's not the same thing.
Hi,
I wonder whether pykmip server can be used to encrypt any database ( e.g KMS database).
An i also want to learn what are the reasons you don't recommend the PyKMIP server for production use ? You noticed one of hem is insecure db file. İs there any solution to make the file be secure ?
Sincerely.