Open iFrozenPhoenix opened 1 year ago
Thank you for sharing your idea. If there is a significant demand from customers/community, we will carefully consider implementing the feature. Currently, the issue will be added to our product backlog.
Meanwhile, if you're interested in implementing it yourself, we also welcome pull requests.
@muhlemmer @livio-a is this implemented with the new webkey implementation? https://github.com/zitadel/zitadel/pull/8508
No, this issue is about the masterkey used for encryption in the storage. Currently, if you lose or change the masterkey on the command line, you essentially lose access to all stored secrets in zitadel.
Preflight Checklist
Describe your problem
I'd like to rotate the master key on a regular basis to keep the underlying secrets secure.
Describe your ideal solution
If the key should be rotated, the instance is started with the flags masterkey (containing the new key) and masterkey-old (containing the old masterkey). The old masterkey is then used to decrypt the secrets and the new one to encrypt them again. After the process has finished, the old masterkey cannot be used anymore. If the process is started again with these flags and masterkey is already the currently used masterkey, nothing happens and the instance runs normally.
Version
latest
Environment
Self-hosted
Additional Context
No response
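The rotation flow proposed in the issue body above (decrypt every stored secret with the old masterkey, re-encrypt with the new one, and do nothing when the store is already on the new key) can be sketched as follows. This is an added illustration, not code from zitadel or from the issue author; the in-memory `Store`, the `Record` layout, the key-ID tagging and the `Rotate` function are all assumptions made for the example, and the keys and secrets are constructed sample values. Two properties worth noting for a real implementation are shown: each record carries an identifier of the key that encrypted it (so a restart with the same flags is a no-op and a foreign key is reported rather than silently skipped), and the rotation is two-phase, so a wrong `masterkey-old` fails before anything is written instead of leaving the store half-rotated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Record is one stored secret: the AES-GCM ciphertext plus an identifier of
// the key that produced it, so a rotation run can tell which records still
// need work. (Assumed layout for this example, not zitadel's schema.)
type Record struct {
	KeyID      string // hex(sha256(key))[:16]; identifies the key, never reveals it
	Nonce      []byte
	Ciphertext []byte
}

// Store is a constructed in-memory stand-in for the encrypted storage.
type Store map[string]*Record

func keyID(key []byte) string {
	sum := sha256.Sum256(key)
	return hex.EncodeToString(sum[:8])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func encrypt(key, plaintext []byte) (*Record, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Record{KeyID: keyID(key), Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

func decrypt(key []byte, r *Record) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, nil)
}

// Rotate re-encrypts every record under newKey and returns how many it changed.
// Idempotent: records already under newKey are skipped, so restarting with the
// same flags does nothing. Two-phase: every record is decrypted and re-encrypted
// in memory first; the store is written only if all of them succeeded.
func Rotate(s Store, oldKey, newKey []byte) (rotated int, err error) {
	oldID, newID := keyID(oldKey), keyID(newKey)
	pending := make(map[string]*Record)
	for name, r := range s {
		if r.KeyID == newID {
			continue // already rotated
		}
		if r.KeyID != oldID {
			return 0, fmt.Errorf("secret %q: encrypted with unknown key %s", name, r.KeyID)
		}
		pt, err := decrypt(oldKey, r)
		if err != nil {
			return 0, fmt.Errorf("secret %q: old masterkey does not decrypt: %w", name, err)
		}
		nr, err := encrypt(newKey, pt)
		if err != nil {
			return 0, err
		}
		pending[name] = nr
	}
	for name, nr := range pending {
		s[name] = nr
	}
	return len(pending), nil
}

func main() {
	// Constructed 32-byte sample keys; a real masterkey would come from the flags.
	oldKey := []byte("0123456789abcdef0123456789abcdef")
	newKey := []byte("fedcba9876543210fedcba9876543210")
	s := Store{}
	for name, secret := range map[string]string{"smtp": "smtp-password", "oidc": "client-secret"} {
		r, err := encrypt(oldKey, []byte(secret))
		if err != nil {
			panic(err)
		}
		s[name] = r
	}
	n, err := Rotate(s, oldKey, newKey)
	fmt.Println("first run rotated:", n, "err:", err)
	n, err = Rotate(s, oldKey, newKey)
	fmt.Println("second run rotated:", n, "err:", err)
}
```

Run with `go run .`; the first call reports two rotated records and the second reports zero, which is the "nothing happens and the instance runs normally" case from the proposal. After rotation the old key no longer opens any record, because AES-GCM authentication fails under the wrong key.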