Keymaster Middleware

Overview

Keymaster middleware should be deployed in conjunction with the Encryption Middleware.

It implements key management for the Encryption Configuration feature.

Limitations

This middleware cannot be disabled once it has been deployed. It is required to provide keys for previously written encrypted data.

Note

Currently, you may only enable the Keymaster middleware before the initial deployment of the cluster. If you are interested in using encryption on an existing SwiftStack cluster, please contact support.

Settings

Be sure the Enabled box is checked.

encryption_root_secret

The encryption_root_secret option holds the master secret key used for encryption. The security of all encrypted data critically depends on this key, so it should be set to a high-entropy value. For example, a suitable encryption_root_secret may be obtained by base64-encoding a 32-byte value generated by a cryptographically secure random number generator.

The encryption_root_secret value is necessary to recover any encrypted data from the storage system. It can therefore never be changed, and it will not be displayed via the SwiftStack controller.
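
One way to generate a value of the recommended form and sanity-check a candidate before entering it, as an added example that is not SwiftStack's own code. The function names and the distinct-byte heuristic are assumptions made for illustration, and the sample inputs are constructed.

```python
import base64
import secrets

MIN_SECRET_BYTES = 32    # raw size suggested in the text above
MIN_DISTINCT_BYTES = 16  # assumed heuristic threshold, not a product setting


def generate_root_secret(num_bytes=MIN_SECRET_BYTES):
    """Base64-encode num_bytes drawn from the operating system CSPRNG."""
    if num_bytes < MIN_SECRET_BYTES:
        raise ValueError("use at least 32 random bytes")
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")


def check_root_secret(candidate):
    """Return a list of problems with a candidate value; empty means none found."""
    try:
        raw = base64.b64decode(candidate, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["not valid base64"]
    if len(raw) < MIN_SECRET_BYTES:
        return [f"decodes to {len(raw)} bytes, need at least {MIN_SECRET_BYTES}"]
    if len(set(raw)) < MIN_DISTINCT_BYTES:
        return ["too few distinct byte values to be random output"]
    return []


if __name__ == "__main__":
    # Constructed sample inputs, not real secrets. Only the check result is
    # printed, so the freshly generated value never reaches the terminal.
    samples = {
        "fresh CSPRNG value": generate_root_secret(),
        "32-character passphrase": "MyClusterSecretPassphrase2024abc",
        "44 characters, all zero bytes": "A" * 43 + "=",
        "free text": "not base64!",
    }
    for label, value in samples.items():
        print(f"{label}: {check_root_secret(value) or 'ok'}")
```

A 32-character string is not a 32-byte secret: read as base64, it decodes to only 24 bytes. Because the value is not displayed again and cannot be changed, store the generated secret somewhere recoverable before entering it.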