Closed beetle-kl7 closed 3 years ago
Currently, there's no built-in mechanism for swapping or adding keys.
We probably shouldn't do key management or scheduling, but providing a tool to automatically re-encrypts databased on a new key makes sense (which currently does not exist).
Here's an example process that could be followed:
<original column name>_<timestamp identifier>
.<original column name>_<timestamp identifier>
.This is something I was thinking about as well. I have tried similar swapping but w/out an additional column, keeping decrypted content in memory and immediately overridden "old" data.
Being said, it'd be great to provide a tool to automate this process since key retention seems to be important and needs to be done on a timely basis.
You just answered my question, so I guess this issue might be closed now.
Thanks
@beetle-kl7 I created https://github.com/generalpiston/typeorm-encrypted/issues/37 to track that effort. We've had similar asks to get started using encrypted columns as well.
Hey there!
First of all, wanna say thanks for all your hard work in maintaining this project! it is awesome 👏🏻
I am wondering if there is a way to manage encryption keys retention overtime? Let's say I have both "old"-"new" encryption keys pair and want to update my database data, eg encrypt data with a new key. Is there a (relatively) simple way how to do keys retention properly?
Thanks