mesellings
commented
2 months ago @Sijoma Published to https://docs.camunda.io/docs/next/components/concepts/encryption-at-rest/
Open engineering-issue-sync-app[bot] opened 5 months ago
mesellings
commented
2 months ago @Sijoma Published to https://docs.camunda.io/docs/next/components/concepts/encryption-at-rest/
mesellings
commented
1 month ago Closed this as not sure why it was reopened by the bot?
#prj-encryptionkey-per-org#prj-encryptionkey-per-org-implemValue Proposition Statement
Increased security by a dedicated disk encryption key for your cluster for data at rest.
User Problem
C8 SaaS uses one encryption key per GCP cluster but not per actual organisation.
The encryption key is owned and managed by GCP, not by Camunda.
Some customers would like to have a dedicated encryption key for data at REST in our SaaS. This encryption key should at least be managed by Camunda, not by GCP.
Release Notes
You can now decide for advanced encryption key mechanisms on C8 SaaS when creating new clusters. Besides default GCP disk encryption, you can now choose between Software and Hardware Keys (HSM) managed by Camunda on GCP KMS. You can do this per cluster, meaning every cluster has a dedicated encryption key.
User Stories
Implementation Notes
What we are looking to offer as an option would be something like this:
Per default everything stays the same - using for clusters the GCP default encryption.
For Enterprise customers, they can choose to create a Camunda cluster using a dedicated encryption key
:robot: This issue is automatically synced from: source