...
- The initiating message is sent by discovery.
- The initiating message should contain:
  - New master key hash.
  - New master key id.
- When a server node processes the message, the following actions are executed:
  - It obtains the hash of the new master key.
  - It compares that hash with the one in the message.
  - If they differ, an error is added to the message.
- If there are any errors on step 1, we log them and cancel the process. Otherwise, go to step 3.
- The action message is sent by discovery.
- The action message should contain:
  - New master key hash.
  - New master key id.
- When a server node processes the message, the following actions are executed:
  - Block creation of encrypted cache keys.
  - Encrypt cache group keys with the new master key.
  - Unblock creation of encrypted cache keys.
  - EncryptionSPI executes key rotation (implementation specific).
Process completion:
The process completes when all nodes in the cluster have processed the action message.
...
- Obtain the old master key by id.
- Obtain the new master key by id.
- Re-encrypt cache group keys with the new master key and store them in the metastore.
- EncryptionSPI executes key rotation (implementation specific).
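
A single-node sketch of the message handling described above, added here as an example and not taken from the project's code: `prepare` is the hash check for the initiating message, and `perform` is the re-encryption for the action message, with the old and new master keys looked up by id. The class and method names, SHA-256 as the hash, and AES key wrap (`AESWrap`) for the cache group keys are assumptions.

```java
import javax.crypto.*;
import java.security.*;
import java.util.*;

public class MasterKeyChangeNode { // hypothetical stand-in for one server node
    final Map<String, SecretKey> keyStore = new HashMap<>(); // master keys by id
    Map<Integer, byte[]> groupKeys = new HashMap<>();        // wrapped cache group keys ("metastore")
    String activeId = "old";
    boolean keyCreationBlocked;
    // Step 1: hash the local copy of the new master key, compare with the message; null = no error.
    String prepare(String newId, byte[] msgHash) throws Exception {
        SecretKey k = keyStore.get(newId);
        if (k == null) return "no master key with id " + newId;
        return MessageDigest.isEqual(hash(k), msgHash) ? null : "master key hash differs";
    }
    // Step 3: block key creation, re-wrap into a copy and swap it in, unblock.
    void perform(String newId) throws Exception {
        keyCreationBlocked = true;
        try {
            Map<Integer, byte[]> rewrapped = new HashMap<>();
            for (Map.Entry<Integer, byte[]> e : groupKeys.entrySet()) {
                Key groupKey = aesWrap(Cipher.UNWRAP_MODE, keyStore.get(activeId)).unwrap(e.getValue(), "AES", Cipher.SECRET_KEY);
                rewrapped.put(e.getKey(), aesWrap(Cipher.WRAP_MODE, keyStore.get(newId)).wrap(groupKey));
            }
            groupKeys = rewrapped; // a failure above leaves the old wrapped keys untouched
            activeId = newId;
        } finally { keyCreationBlocked = false; }
    }
    static byte[] hash(SecretKey k) throws Exception { // SHA-256 is an assumption
        return MessageDigest.getInstance("SHA-256").digest(k.getEncoded());
    }
    static Cipher aesWrap(int mode, Key master) throws Exception { // AESWrap is an assumption
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(mode, master);
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES"); // constructed sample keys
        MasterKeyChangeNode node = new MasterKeyChangeNode();
        node.keyStore.put("old", gen.generateKey());
        node.keyStore.put("new", gen.generateKey());
        node.groupKeys.put(1, aesWrap(Cipher.WRAP_MODE, node.keyStore.get("old")).wrap(gen.generateKey()));
        for (String announced : new String[] {"old", "new"}) { // first hash is wrong on purpose
            String err = node.prepare("new", hash(node.keyStore.get(announced)));
            if (err == null) node.perform("new");
            System.out.println(err == null ? "rotated to " + node.activeId : "cancelled: " + err);
        }
    }
}
```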