...
If a node crashes during the replacement of the partitions, the original backup copies of the partitions are restored when the node starts.
If a major topology change occurs during key rotation, the whole procedure is cancelled.
Minor topology changes should not affect the re-encryption procedure.
If the partition is scheduled for eviction during re-encryption, cancel the re-encryption of this partition.
Process management
// TBD
Public API changes
IgniteEncryption
...
public IgniteFuture<Void> changeGroupKey(Collection<Integer> groups) throws IgniteCheckedException;
// TBD
Monitoring
Re-encryption process state.
- Input: cache id.
- Output:
  - List of Tuples6:
    - Node ID.
    - Re-encryption process state.
    - Count of partitions to process.
    - Current partition index.
    - Current partition id.
    - Count of processed pages in the current partition.
// TBD
Reference Links
- PCI DSS Requirements and Security Assessment Procedures
  https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
- How Often Do I Need to Rotate Encryption Keys on My SQL Server?
  https://info.townsendsecurity.com/bid/49019/How-Often-Do-I-Need-to-Rotate-Encryption-Keys-on-My-SQL-Server
- PCI DSS and key rotations simplified
  https://www.crypteron.com/blog/pci-dss-key-rotations-simplified/
- Transparent Data Encryption in MS SQL Server
  https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-ver15
- Oracle Transparent Data Encryption FAQ
  https://www.oracle.com/database/technologies/faq-tde.html
- InnoDB Data-at-Rest Encryption
  https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html
- Transparent data encryption feature proposed in pgsql-hackers.
  https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#Key_Rotation
...