Open pfremm opened 5 years ago
Can you explain your use case a little more? It is unclear to me what feature you are asking for in Vault.
The basic use case is for symmetric encryption where maybe rotation of the symmetric key used for encryption is generational, but the data itself is very ephemeral and does not need to be maintained. Say data is in a distributed cache for some period of time and the data in the cache needs to be stored encrypted. Today, if I use transit encryption, the key is static and I have to pre-create a named key. I thought it would be nice if you could attach a lifecycle policy where new named keys would be created automatically, with encrypt access being blocked when referencing an expired key. Then any rotation requirements could automatically be met vs. having to instrument the creation of new keys today.
Hello @pfremm - is this still an issue in current versions of Vault? For reference, 1.16 was released a couple of weeks ago. Thanks!
In specific situations we have data that is basically cached with a relatively short TTL, but the data in the cache needs to be encrypted. Ideally we'd like to either use transparent encryption or the k/v store, but have a built-in lifecycle where the key is automatically rotated after a period of time.