Closed bombillazo closed 1 year ago
@bombillazo key rotation requires re-encryption of encrypted columns. I believe https://github.com/generalpiston/typeorm-encrypted/issues/37 is intended to help, but we haven't implemented it yet.
Another option is to separate data encryption keys and key encryption keys and rotate the key encryption keys, only. Performing a shallow rotation like this usually meets company and auditor requirements IIRC.
After reading more on the topic seems like this is the common approach! Thanks for answering!
No problem.
Let's use https://github.com/generalpiston/typeorm-encrypted/issues/61 to document how to handle key rotation.
any update
@texiontech the key rotation issue is tracked under https://github.com/generalpiston/typeorm-encrypted/issues/61
Hey, if one is using key rotation for improved security, how does that affect the use of this package?