[Question] How is key rotation handled?

[bombillazo]

Hey, if one is using key rotation for improved security, how does that affect the use of this package?

[generalpiston]

@bombillazo key rotation requires re-encryption of encrypted columns. I believe https://github.com/generalpiston/typeorm-encrypted/issues/37 is intended to help, but we haven't implemented it yet.

Another option is to separate data encryption keys and key encryption keys and rotate the key encryption keys, only. Performing a shallow rotation like this usually meets company and auditor requirements IIRC.

[bombillazo]

After reading more on the topic seems like this is the common approach! Thanks for answering!

[generalpiston]

No problem.

Let's use https://github.com/generalpiston/typeorm-encrypted/issues/61 to document how to handle key rotation.

[texiontech]

any update

[generalpiston]

@texiontech the key rotation issue is tracked under https://github.com/generalpiston/typeorm-encrypted/issues/61