Description
Implementation of the KV <---> ns_server Encryption Management API. This includes
- Key format
- Bootstrap keys
- Create bucket new configuration parameter
- SetActiveEncryptionKey
- Definition of configuration files read by memcached
And the optional commands of
- SetEncryptionKeys
- DropEncryptionKey
Attachments
Issue Links
- blocks
-
MB-62176 KV Support for Encryption at Rest
- Open
Gerrit Reviews
For Gerrit Dashboard: MB-62178 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
211651,3 | MB-62178: Use 8k buffer size for encrypted memcached.log | master | kv_engine | Status: NEW | -1 | +1 |
210843,31 | MB-62178: Add API doc for encryption@rest | master | kv_engine | Status: MERGED | +2 | +1 |
211116,1 | MB-62178: Prototype encryption@rest log/audit | master | kv_engine | Status: ABANDONED | 0 | -1 |
211180,24 | MB-62178: Add a library to deal with encryption keys | master | kv_engine | Status: MERGED | +2 | +1 |
211181,21 | MB-62178: Read keys from command line | master | kv_engine | Status: MERGED | +2 | +1 |
211189,18 | MB-62178: Add opcode to set encryption key | master | kv_engine | Status: MERGED | +2 | +1 |
211198,21 | MB-62178: Allow for memcached.log to be store encrypted | master | kv_engine | Status: MERGED | +2 | +1 |
211199,22 | MB-62178: Allow for storing audit trail encrypted | master | kv_engine | Status: MERGED | +2 | +1 |
211200,22 | MB-62178: Allow encrypted configuration files | master | kv_engine | Status: MERGED | +2 | +1 |
211204,20 | MB-62178: Prototype encryption@rest log/audit | master | kv_engine | Status: ABANDONED | +1 | +1 |
211318,8 | MB-62178: Add functions to read/write files to cbcrypto | master | platform | Status: MERGED | +2 | +1 |
211336,11 | MB-62178: Change encryption file header format | master | platform | Status: MERGED | +2 | +1 |
211389,14 | MB-62178: Add cbcat to cat an encrpted file | master | platform | Status: ABANDONED | 0 | -1 |
211605,7 | MB-62178: Pass on encryption keys to create_bucket | master | kv_engine | Status: MERGED | +2 | +1 |
211633,3 | MB-62178: Add cb::crypto::KeyStore | master | platform | Status: MERGED | +2 | +1 |
211648,8 | MB-62178: Refactor to use cb::crypto::KeyStore | master | kv_engine | Status: MERGED | +2 | +1 |
211649,8 | MB-62178: Keep the bucket encryption keys in ep_engine | master | kv_engine | Status: MERGED | +2 | +1 |
211692,5 | MB-62178: supply the lookup function to couchstore | master | kv_engine | Status: MERGED | +2 | +1 |
211900,2 | MB-62178: Use enum for cipher | master | kv_engine | Status: MERGED | +2 | +1 |
211901,5 | MB-62178: Use enum for cipher | master | platform | Status: MERGED | +2 | +1 |
211990,4 | MB-62178: The shared_ptr to encryption key should be const | master | kv_engine | Status: MERGED | +2 | +1 |
211991,4 | MB-62178: The shared_ptr to encryption key should be const | master | platform | Status: MERGED | +2 | +1 |
211992,7 | MB-62178: Simplify logic to set active enc key | master | kv_engine | Status: MERGED | +2 | +1 |
212000,11 | MB-62178: Allow for list of keys to compact db | master | kv_engine | Status: MERGED | +2 | +1 |
212928,4 | MB-62178: Use filename+file offset as associated data | master | platform | Status: MERGED | +2 | +1 |
213173,9 | MB-62178: Proxy calls to get/set encryption info to magma | master | kv_engine | Status: MERGED | +2 | +1 |
213218,2 | MB-62178: Change SetActiveEncryptionKey | master | kv_engine | Status: MERGED | +2 | +1 |
213222,5 | MB-62178: Run SetActiveEncryptionKeys on thread pool | master | kv_engine | Status: MERGED | +2 | +1 |
213223,7 | MB-62178: Add notification function for encryption keys changed | master | kv_engine | Status: MERGED | +2 | +1 |
213229,6 | MB-62178: Add test in memcached_testapp to verify encryption | master | kv_engine | Status: MERGED | +2 | +1 |
215408,8 | MB-62178: Add stats to get encryption key ids in use | master | kv_engine | Status: MERGED | +2 | +1 |
215877,4 | MB-62178: Add stats to get encryption key ids in use (magma) | master | kv_engine | Status: MERGED | +2 | +1 |
215910,5 | Revert "MB-62178: Proxy calls to get/set encryption info to magma" | master | kv_engine | Status: MERGED | +2 | +1 |
215961,4 | MB-62178: Proxy calls to get/set encryption info to magma | master | kv_engine | Status: MERGED | +2 | +1 |
216047,2 | MB-62178: Add support for migrating off keys in magma | master | kv_engine | Status: MERGED | +2 | +1 |