Hari Krishna Dara created HBASE-29368:
-----------------------------------------
Summary: Comprehensive key management for encryption at rest
Key: HBASE-29368
URL: https://issues.apache.org/jira/browse/HBASE-29368
Project: HBase
Issue Type: New Feature
Components: encryption
Reporter: Hari Krishna Dara
Assignee: Hari Krishna Dara
Develop a comprehensive key management system for HBase's encryption at rest
functionality. This enhancement will encompass:
# API Support: Creation of new APIs to facilitate interaction with the key
management system.
# Key Lifecycle Management: Implementation of robust procedures for key
generation, storage, activation, deactivation, and destruction.
# More comprehensive integration with external Key Management Systems (KMS)
and newer encryption guidelines for enhanced security and compliance.
# L1/L2 Caching: Design and implementation of multi-level caching mechanisms
(L1 and L2) to optimize key retrieval performance and reduce latency.
# Address current limitations with encryption keys.
This new feature aims to overcome existing limitations related to Key
Encryption Key (KEK) and Data Encryption Key (DEK) management, specifically
addressing challenges in key rotation, visibility, and automation, thereby
significantly improving the security and operational efficiency of HBase
encryption at rest.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
