Keymaster Middleware
Overview
Keymaster middleware should be deployed in conjunction with the Encryption Middleware.
It implements key management for the Encryption Configuration feature.
Limitations
This middleware cannot be disabled once it has been deployed. It is required to provide keys for previously written encrypted data.
Note
Currently, you may only enable the Keymaster middleware before the initial deployment of the cluster. If you are interested in using encryption on an existing SwiftStack cluster, please contact support.
Settings
Be sure the Enabled box is checked.
encryption_root_secret
The encryption_root_secret option holds the master secret key used for encryption. The security of all encrypted data critically depends on this key and it should therefore be set to a high-entropy value. For example, a suitable encryption_root_secret may be obtained by base-64 encoding a 32-byte value generated by a cryptographically secure random number generator.
The encryption_root_secret value is necessary to recover any encrypted data from the storage system, and therefore, it can never be changed and will not be displayed via the SwiftStack controller.
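The generation step described above, as an added example that is not SwiftStack's own code: it draws 32 bytes from the operating system's CSPRNG, base-64 encodes them, and checks a candidate value before it is entered. The function names, the distinct-byte heuristic and the escrow fingerprint are assumptions of this example; the fingerprint is there because the value cannot be changed or displayed later, so a stored copy has to be verifiable without printing it.

```python
import base64
import binascii
import hashlib
import secrets

MIN_SECRET_BYTES = 32  # size suggested on this page; the constant name is this example's own


def generate_root_secret(num_bytes=MIN_SECRET_BYTES):
    """Return base-64 text encoding num_bytes drawn from the OS CSPRNG."""
    if num_bytes < MIN_SECRET_BYTES:
        raise ValueError("root secret must cover at least 32 random bytes")
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")


def check_root_secret(candidate):
    """Return a list of problems with a candidate value (empty list = acceptable)."""
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return ["not valid base-64"]
    problems = []
    if len(raw) < MIN_SECRET_BYTES:
        problems.append(
            f"decodes to {len(raw)} bytes, need at least {MIN_SECRET_BYTES}")
    # Heuristic only (assumption of this example): catches repeated filler
    # such as 32 identical bytes, not every weak secret.
    if len(set(raw)) < 16:
        problems.append("too few distinct byte values to be random output")
    return problems


def escrow_fingerprint(secret):
    """Short SHA-256 tag for confirming an escrowed copy matches, without showing it."""
    return hashlib.sha256(secret.encode("ascii")).hexdigest()[:16]


if __name__ == "__main__":
    secret = generate_root_secret()
    assert check_root_secret(secret) == []
    # Print only the fingerprint; pass the secret itself straight to the
    # settings form and to offline escrow, never to logs or shell history.
    print("fingerprint of generated secret:", escrow_fingerprint(secret))
```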