by FlyingAvatar
1213 days ago
We solve this problem by storing an identifier of the encryption key itself along with each encrypted record. The key is loaded on demand, assuming the viewer has access. The encryption key identifier is essentially a timestamp of when the key was generated. We have a process that periodically re-encrypts all data encrypted with the old keys and then purges them. This effectively removes the secrets from our backups because after long enough there is no key to decrypt the data. This is an acceptable trade-off for our use case as the sensitive data is generally not required to be kept very long.
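The scheme described in the comment above, sketched as an added example (not FlyingAvatar's code): each record carries its key id, rotation re-encrypts old records and then purges old keys, and a backup taken before rotation becomes unreadable. `KeyStore`, `seal`/`unseal` and the timestamps are hypothetical, the HMAC-based cipher is a stdlib stand-in for a real AEAD, and keys are assumed to live outside the data backups.

```python
import hashlib, hmac, secrets

# Stand-in authenticated cipher from stdlib HMAC-SHA256 (assumption, so this
# runs offline); real code would use a vetted AEAD such as AES-GCM.
def _stream(key, nonce, n):
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, pt):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class KeyStore:
    """Hypothetical key store; key id = generation timestamp, as in the comment."""
    def __init__(self):
        self.keys = {}                          # key_id -> 32-byte key
    def new_key(self, ts):
        self.keys[ts] = secrets.token_bytes(32)
    def encrypt(self, pt):
        kid = max(self.keys)                    # newest key encrypts new data
        return (kid, seal(self.keys[kid], pt))  # key id travels with the record
    def decrypt(self, record):
        kid, blob = record
        return unseal(self.keys[kid], blob)     # KeyError once the key is purged
    def rotate(self, records, now, max_age):
        self.new_key(now)
        fresh = [r if now - r[0] < max_age else self.encrypt(self.decrypt(r))
                 for r in records]
        for kid in [k for k in self.keys if now - k >= max_age]:
            del self.keys[kid]                  # purge only after re-encryption
        return fresh

def demo():
    ks = KeyStore()
    ks.new_key(1_000)                           # constructed timestamps, in seconds
    db = [ks.encrypt(b"constructed secret")]
    backup = list(db)                           # backup taken under the old key
    db = ks.rotate(db, now=5_000, max_age=3_600)
    return db[0][0], ks.decrypt(db[0]), backup[0][0] in ks.keys
```

`demo()` returns the live record's new key id, its plaintext, and whether the key for the pre-rotation backup still exists.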