Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Purpose of rotate keys #90

Closed
cstewart87 opened this issue Mar 6, 2014 · 1 comment
Closed

Purpose of rotate keys #90

cstewart87 opened this issue Mar 6, 2014 · 1 comment

Comments

@cstewart87
Copy link

I was trying to explain the knife vault rotate keys command the other day, and was having troubles fully understanding its purpose.

This command does not change who can access they vault, does it?

Is it for the case of client keys that have been regenerated on the chef server?

Thanks for any clarification.
@moserke
Copy link
Contributor

moserke commented Mar 6, 2014

Correct, it does not change any vault access, what it is for is rotating the symmetric key used for the underlying encrypted data bag item. You would do this for a couple reasons:

  1. The symmetric key got compromised, so you rotate it to a new one
  2. It's been awhile since key rotation and you have a policy that you have rotate keys on a certain time period

It randomly generates a new symmetric key and re-public encrypts it for each client/admin found in the vault.

Hope that helps!

Kevin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@moserke @cstewart87