...
Users can control the master key rotation process key via some kind of user interface(CLI, JMX, Java API, etc).
- JAVA API:
ignite.encryption().changeMasterKey(String masterKeyId) - starts master key rotation process.
String ignite.encryption().getMasterKeyId() - gets current master key id.
- JMX:
changeMasterKey(String masterKeyId) - starts master key rotation process.
String getMasterKeyId() - gets current master key id.
- CLI:
# Starts master key rotation.
control.sh --encryption change_master_key newMasterKeyId
# Displays cluster's current master key id.
control.sh --encryption get_master_key
# Starts ignite with MK recovery process. See details.
ignite.sh --change-master-key newMasterKeyId
...
public IgniteConfiguration setEncryptionMasterKeyId(String keyIdmasterKeyId) - sets master key id.
public String getEncryptionMasterKeyId()
Code changes
MetaStorage
MetaStorage will store master key id.
...