80e2dad367
Add the ability to rewrap keks when the master key is updated by simply doing an update. Also, provide some needed ordering in the steps involving MKEK and HMAC creation, sync and update. Change-Id: I5e5a099173e82c04f4e0157049df08c8c7c47045
8 lines
365 B
YAML
8 lines
365 B
YAML
---
|
|
features:
|
|
- Added ability to rewrap project KEKs (key encryption keys) when doing an
|
|
upgrade. This allows deployers to rewrap KEKs whenever they rotate the
|
|
master KEK and HMAC keys when using the PKCS#11 plugin behind Barbican.
|
|
- Also added some needed ordering for master key creation, sync and update
|
|
when using a Thales HSM behind Barbican.
|