Category: Database, Security, Data, Ubuntu, Infrastructure, Hashicorp, encryption

First, you’ll need to download and install Vault, then get it up and running. You will also need to install cURL and OpenSSL — these usually come pre-installed with most Linux OSs, and are available via most package managers (apt, yum, brew, choco/scoop, etc.).

Now that the key has been uploaded, we can quickly encrypt and decrypt via the CLI to validate that the key is functioning properly: At this point, the key is in place and can be used to encrypt data at rest or in transit in different parts of AWS.

Our next step is to use the key we generated and uploaded to AWS in Heroku!

While there is a lot to like about the BYOK approach to AWS and Heroku, there are a few considerations that need to be highlighted: With all of this in place, we have demonstrated that maintaining local ownership of your encryption keys is both possible and desirable, and that ownership can then be extended into various cloud providers.
