yuweisung commented on PR #432: URL: https://github.com/apache/pulsar-site/pull/432#issuecomment-1448221388
We may need to add the assumption here. Pulsar isolates the key management and only provides interfaces (CryptoKeyReader) to access public keys. For production systems, we recommend extending/implementing CryptoKeyReader with cloud key management (KMS [1] or CKM [2]) or PKI like freeIPA.

[1] https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
[2] https://cloud.google.com/security-key-management

On Tue, Feb 28, 2023 at 2:31 AM Zixuan Liu ***@***.***> wrote:

> ***@***.**** commented on this pull request.
>
> In docs/security-encryption.md <https://github.com/apache/pulsar-site/pull/432#discussion_r1119719748>:
>
> >
> > :::
> >
> > +If the produced messages are consumed across application boundaries, you need to ensure that consumers in other applications have access to one of the private keys that can decrypt the messages. You can do this in two ways:
>
> Right! The public key confuses me.
>
> Maybe we should rename public key to encryption key name?

--
Yu Wei Sung ***@***.***
