by mappu 3050 days ago
Help me understand - that seems like it just centralizes the problem. Since the key is now PII-equivalent, how is the key storage backed up?

Revolving backups, and you throw away old ones. After 30 days or so the last traces of a customer's keys will be gone.
In that situation, the data is "inaccessible", but a data breach during the backup retention period will still leak their details.

We can already achieve that result by removing records from the live DB and ignoring the whole backup situation.

So what has this separate encryption process achieved?

It has achieved that, within a fixed time frame, a user's PII is removed from backups.
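The timeline the thread argues about, as an added simulation that is not code from either commenter: each user's record is encrypted under a per-user key (crypto-shredding), daily snapshots of both the key store and the data store are retained for a fixed window, "forgetting" a user deletes the key, and an attacker who obtains every retained backup is modelled by trying every retained key snapshot against every retained data snapshot. The AES-GCM envelope, the single shared retention window for key and data backups, and the user ids and timeline values are assumptions for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Snapshot is one day's backup of both stores (assumed: full daily snapshots).
type Snapshot struct {
	Day  int
	Keys map[string][]byte // userID -> per-user data-encryption key
	Data map[string][]byte // userID -> nonce || AES-GCM ciphertext of the PII
}

// System is a live key store, a live data store, and a revolving set of backups.
type System struct {
	retentionDays int
	keys          map[string][]byte
	data          map[string][]byte
	backups       []Snapshot
}

func NewSystem(retentionDays int) *System {
	return &System{retentionDays: retentionDays, keys: map[string][]byte{}, data: map[string][]byte{}}
}

func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func unseal(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("short ciphertext")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func copyMap(m map[string][]byte) map[string][]byte {
	out := make(map[string][]byte, len(m))
	for k, v := range m {
		out[k] = append([]byte(nil), v...)
	}
	return out
}

// AddUser generates a fresh 256-bit key and stores only ciphertext in the data store.
func (s *System) AddUser(id, pii string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	ct, err := seal(key, []byte(pii))
	if err != nil {
		return err
	}
	s.keys[id], s.data[id] = key, ct
	return nil
}

// Backup snapshots both stores, then drops snapshots older than the retention window.
func (s *System) Backup(day int) {
	s.backups = append(s.backups, Snapshot{Day: day, Keys: copyMap(s.keys), Data: copyMap(s.data)})
	kept := s.backups[:0]
	for _, b := range s.backups {
		if day-b.Day < s.retentionDays {
			kept = append(kept, b)
		}
	}
	s.backups = kept
}

// Forget is the crypto-shredding step: delete the key (and the live row).
func (s *System) Forget(id string) { delete(s.keys, id); delete(s.data, id) }

// LeakFromBackups models an attacker holding every retained backup: the PII is
// recoverable iff some retained key snapshot decrypts some retained data snapshot.
func (s *System) LeakFromBackups(id string) (string, bool) {
	for _, d := range s.backups {
		ct, ok := d.Data[id]
		if !ok {
			continue
		}
		for _, k := range s.backups {
			if key, ok := k.Keys[id]; ok {
				if pt, err := unseal(key, ct); err == nil {
					return string(pt), true
				}
			}
		}
	}
	return "", false
}

// Simulate adds a user on day 0, backs up daily, shreds the key on deleteDay and
// reports whether a breach of the retained backups on checkDay still yields the PII.
func Simulate(retentionDays, deleteDay, checkDay int) (bool, error) {
	s := NewSystem(retentionDays)
	if err := s.AddUser("alice", "alice@example.com"); err != nil { // constructed sample PII
		return false, err
	}
	for day := 0; day <= checkDay; day++ {
		if day == deleteDay {
			s.Forget("alice")
		}
		s.Backup(day)
	}
	_, leaked := s.LeakFromBackups("alice")
	return leaked, nil
}

func main() {
	for _, day := range []int{10, 31} {
		leaked, err := Simulate(30, 2, day)
		if err != nil {
			panic(err)
		}
		fmt.Printf("day %d: PII recoverable from retained backups = %v\n", day, leaked)
	}
}
```

With a 30-day window and the key shredded on day 2, a breach on day 10 still recovers the PII because the day-0 and day-1 snapshots hold both the key and the ciphertext; by day 31 every snapshot that contained the key has revolved out and the remaining ciphertext copies are unreadable, which is the bounded-time guarantee the reply describes. Any key backup kept outside this window (an exported key vault, a longer-retention archive) extends that time frame accordingly.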