Problem description
The raft logs are always encrypted on disk, and the encryption key is written to disk, sometimes encrypted (it's encrypted if manager autolock is enabled).
But if your managers are not auto-locked, the key that encrypts the raft data is written basically in plain text in the TLS key's headers. If it's auto-locked, the key that encrypts the raft data gets rotated, and is stored encrypted in the TLS key's headers.
If managers are auto-locked, they can't be restarted automatically after a reboot, for instance (someone has to go in manually to unlock each individual manager). But if managers aren't auto-locked, security-wise, the raft data may as well not be encrypted, since the encryption key is stored right there.
We encrypt, and write the key to disk, because it's easier to just rotate the encryption key rather than have to forcibly delete all the unencrypted raft data.
Project version(s) affected
Engine 1.13
Related PRs
cc/ @diogomonica @cyli
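A small model of the two storage modes described above, added here as an example and not swarmkit's own code: the raft DEK goes into the TLS key's PEM header map either as-is (autolock off) or sealed under a KEK derived from an unlock key (autolock on). The header name "raft-dek", the SHA-256 KEK derivation and AES-GCM are assumptions for illustration, not the project's actual scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// gcmFor derives a KEK from the unlock key; a simplified stand-in for autolock.
func gcmFor(unlockKey []byte) cipher.AEAD {
	kek := sha256.Sum256(unlockKey)
	blk, _ := aes.NewCipher(kek[:]) // 32-byte key: NewCipher cannot fail
	gcm, _ := cipher.NewGCM(blk)    // AES block size always fits GCM
	return gcm
}

// StoreDEK writes the raft DEK into the TLS key's PEM headers under "raft-dek"
// (header name assumed, not swarmkit's). Without an unlock key (autolock off)
// it goes in as-is: anyone who can read the key file has the DEK.
func StoreDEK(headers map[string]string, dek, unlockKey []byte) error {
	stored := dek
	if unlockKey != nil {
		gcm := gcmFor(unlockKey)
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return err
		}
		stored = gcm.Seal(nonce, nonce, dek, nil) // nonce || ciphertext+tag
	}
	headers["raft-dek"] = base64.StdEncoding.EncodeToString(stored)
	return nil
}

// ReadDEK recovers the DEK; with autolock on the unlock key has to be supplied
// by hand, which is why locked managers cannot rejoin unattended after a reboot.
func ReadDEK(headers map[string]string, unlockKey []byte) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(headers["raft-dek"])
	if err != nil || unlockKey == nil { // bad base64, or autolock off (header is the DEK)
		return raw, err
	}
	gcm := gcmFor(unlockKey)
	n := gcm.NonceSize()
	if len(raw) < n {
		return nil, errors.New("raft-dek header too short")
	}
	return gcm.Open(nil, raw[:n], raw[n:], nil)
}
```

Reading the locked header without the unlock key yields only the sealed blob, while the unlocked header decodes straight to the DEK, which is the "may as well not be encrypted" case above.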