Key rotation required in case of it compromising or at the end of crypto period(key validity period).
Design assumes that administrator will provide ability to get new master key by EncryptionSPI from underlying storage.
To implement ability to rotate master encryption key.
New processes:
Master key rotation.
Master key rotation recovery start.
New administrator commands:
Master keys view: node -> master key hash
Cache group keys view: node -> group name -> encryption key hash
Administrator initiates key rotation via some kind of user interface(CLI, Visor, Web Console, JMX, etc).
Process completes when all nodes in cluster will process action message.
If some node was unavailable during master key rotation process it will unable to join to the cluster because it has old master key has.
To update this node design introduce master key recovery start option.
Administartor initiates process by providing startup option.
Node should execute following steps before join to the cluster:
Master key hashes.
Input: nothing
Output:
List of Tuples3
Node ID
Current key hash
Previous key hash or null.
Cache key hashes.
Input: cache id.
Output:
List of Tuples3
Node ID
Current key hash
Previous key hash or null.