intel / ehsm

An End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM.

Home Page: https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/An-Intel-SGX-based-Hardware-Security-Module-backed-Key/post/1360130?wapkw=eHSM

support CMK rotation

nntp4 opened this issue · comments

commented

feature description:
Change the key regularly at specified time intervals, with the interval unit measured in days.

background
Key rotation is implemented in most KMS systems; it is used to:

  1. minimize the risks of key leaks and misuse.
  2. meet regulatory and standard requirements, and prevent security incidents.
  3. improve the reliability and flexibility of user data.

Thanks for your suggestion.
Key rotation was partially implemented in PR240.
Due to resource limitations, it's not fully implemented and verified yet.
We have put it in the todo list and will prioritize required features recently.
Thank you, @nntp4.

commented

Thanks for your suggestion. Key rotation was partially implemented in PR240. Due to resource limitations, it's not fully implemented and verified yet. We have put it in the todo list and will prioritize required features recently. Thank you, @nntp4.

Thanks for your reply, I got it.