swift/doc
Alistair Coles 2722e49a8c Add support for multiple root encryption secrets
For some use cases operators would like to periodically introduce a
new encryption root secret that would be used when new object data is
written. However, existing encrypted data does not need to be
re-encrypted with keys derived from the new root secret. Older root
secret(s) would still be used as necessary to decrypt older object
data.

This patch modifies the KeyMaster class to support multiple root
secrets indexed via unique secret_id's, and to store the id of the
root secret used for an encryption operation in the crypto meta. The
decrypter is modified to fetch appropriate keys based on the secret id
in retrieved crypto meta.

The changes are backwards compatible with previous crypto middleware
configurations and existing encrypted object data.

Change-Id: I40307acf39b6c1cc9921f711a8da55d03924d232
2018-08-17 17:54:30 +00:00
manpages Merge "Experimental swift-ring-composer CLI to build composite rings" 2018-06-15 04:27:43 +00:00
s3api Small cleanup on s3api 2018-05-01 16:35:27 +09:00
saio Update saio sample config files 2018-08-13 15:33:09 -04:00
source Add support for multiple root encryption secrets 2018-08-17 17:54:30 +00:00
requirements.txt Follow the new PTI for document build 2018-03-26 12:53:37 +00:00