...
String masterKeyName name. New master key should be available to EncryptionSPI for each server node. The cluster should be active.
Users can control the master key rotation process via some kind of user interface (CLI, JMX, Java API).
ignite.encryption().changeMasterKey(String masterKeyName) - starts master key rotation process.
String ignite.encryption().getMasterKeyName() - gets current master key name.
changeMasterKey(String masterKeyName) - starts master key rotation process.
String getMasterKeyName() - gets current master key name.
control.sh --encryption change_master_key newMasterKeyName
control.sh --encryption get_master_key_name
...
The master key change process consists of two phases:
Each phase is a distributed process.
The goal is to verify that all server nodes have the same master key.
...
A server node starts the prepare phase with the MasterKeyChangeRequest that contains:
Each server node executes the following actions:
It obtains a digest of a new master key. If the digest is unavailable, the process completes with an error.
MasterKeyChangeMessage
ack action message is sent by discovery as a custom event.
Action message should contain
The coordinator starts the perform phase when the prepare phase has completed without errors.
The coordinator node starts prepare phase with the MasterKeyChangeRequest that contains:
Each server node executes the following actions:
...
ChangeMasterKeyRecord) that consists of:
MetaStore.
A distributed process is a cluster-wide process that accumulates single-node results to finish itself.
The process consists of the following phases:
InitMessage sent via discovery.
SingleNodeMessage sent via communication.
FullMessage sent via discovery.
Several processes of one type can be started at the same time.
The process completes when the perform phase has completed (all nodes have re-encrypted their keys).
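The prepare-then-perform sequence described above, modelled in plain Java as an added example (it is not Ignite code and not from the original page). The class and method names are hypothetical, and SHA-256 for the digest and AESWrap for protecting the cache group key are assumptions; the keys are constructed sample values.

```java
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.*;
public class MasterKeyRotationModel { // toy model; all names here are hypothetical
    static byte[] wrap(SecretKey masterKey, SecretKey groupKey) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap"); // assumed key-wrapping algorithm
        c.init(Cipher.WRAP_MODE, masterKey);
        return c.wrap(groupKey);
    }
    static class Node {
        final Map<String, SecretKey> keyStore = new HashMap<>(); // master key name -> key
        String activeName;      // name of the master key currently in use
        byte[] wrappedGroupKey; // cache group key, encrypted with the active master key
        byte[] digest(String name) throws Exception { // prepare: null if the key is unavailable
            SecretKey k = keyStore.get(name);
            return k == null ? null : MessageDigest.getInstance("SHA-256").digest(k.getEncoded());
        }
        void reencrypt(String newName) throws Exception { // perform: re-wrap under the new key
            Cipher c = Cipher.getInstance("AESWrap");
            c.init(Cipher.UNWRAP_MODE, keyStore.get(activeName));
            SecretKey groupKey = (SecretKey) c.unwrap(wrappedGroupKey, "AES", Cipher.SECRET_KEY);
            wrappedGroupKey = wrap(keyStore.get(newName), groupKey);
            activeName = newName;
        }
    }
    static boolean changeMasterKey(List<Node> nodes, String newName) throws Exception {
        byte[] expected = nodes.get(0).digest(newName);
        for (Node n : nodes) // prepare phase: every node must report the same digest
            if (expected == null || !MessageDigest.isEqual(expected, n.digest(newName)))
                return false; // rejected before any node re-encrypts
        for (Node n : nodes) // perform phase
            n.reencrypt(newName);
        return true;
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        SecretKey mk1 = gen.generateKey(), mk2 = gen.generateKey(), groupKey = gen.generateKey();
        List<Node> nodes = Arrays.asList(new Node(), new Node(), new Node());
        for (Node n : nodes) { // constructed cluster: every node starts on "mk1"
            n.keyStore.put("mk1", mk1);
            n.keyStore.put("mk2", mk2);
            n.activeName = "mk1";
            n.wrappedGroupKey = wrap(mk1, groupKey);
        }
        nodes.get(2).keyStore.put("mk2", gen.generateKey()); // same name, different key material
        System.out.println("mismatched key: " + changeMasterKey(nodes, "mk2"));
        nodes.get(2).keyStore.put("mk2", mk2); // operator fixes the key store on node 2
        System.out.println("matching key: " + changeMasterKey(nodes, "mk2"));
    }
}
```

Because the digest comparison finishes before any node re-wraps its group key, a node holding different key material under the same name causes the change to be refused while the whole cluster is still on the old master key.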
...
To update this node, the user should run Ignite with the system property (IGNITE_MASTER_KEY_NAME_TO_CHANGE_BEFORE_STARTUP=newMasterKeyName).
The node will re-encrypt cache keys with the new master key and try to join the cluster.
...
Cache keys must not be created during the master key rotation process, so a node will throw an exception if a user starts a cache while the rotation is in progress. Moreover, if group keys were generated before the master key change, the cache start will be rejected (the case of a client node starting the cache).
The node will process the critical error failure. The failure handler must stop the node to prevent inconsistent keys in the cluster.
...