[
https://issues.apache.org/jira/browse/HBASE-29368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on HBASE-29368 started by Hari Krishna Dara.
-------------------------------------------------
> Comprehensive key management for encryption at rest
> ----------------------------------------------------
>
> Key: HBASE-29368
> URL: https://issues.apache.org/jira/browse/HBASE-29368
> Project: HBase
> Issue Type: New Feature
> Components: encryption
> Reporter: Hari Krishna Dara
> Assignee: Hari Krishna Dara
> Priority: Major
> Labels: pull-request-available
>
> Develop a comprehensive key management system for HBase's encryption at rest
> functionality. This enhancement will encompass:
> # API Support: Creation of new APIs to facilitate interaction with the key
> management system.
> # Key Lifecycle Management: Implementation of robust procedures for key
> generation, storage, activation, deactivation, and destruction.
> # More comprehensive integration with external Key Management Systems (KMS)
> and newer encryption guidelines for enhanced security and compliance.
> # L1/L2 Caching: Design and implementation of multi-level caching mechanisms
> (L1 and L2) to optimize key retrieval performance and reduce latency.
> # Address current limitations with encryption keys.
> This new feature aims to overcome existing limitations related to Key
> Encryption Key (KEK) and Data Encryption Key (DEK) management, specifically
> addressing challenges in key rotation, visibility, and automation, thereby
> significantly improving the security and operational efficiency of HBase
> encryption at rest.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
