Currently tsxVault master encryption key is sharded as Shamir secret sharing method. We should also implement a feature that allows administrators the option to not shard the key and store it somewhere locally(maybe file or env var).
Describe why this feature is needed:
Not storing the master encryption key locally is better for security but slows down our dev processes that depend on working with encryption flow.
Describe the feature:
Currently
tsxVaultmaster encryption key is sharded as Shamir secret sharing method. We should also implement a feature that allows administrators the option to not shard the key and store it somewhere locally(maybe file or env var).Describe why this feature is needed: Not storing the master encryption key locally is better for security but slows down our dev processes that depend on working with encryption flow.