Make the prefix in the ciphertext format returned by transit engine be configurable #8600
Labels
Comments
|
Hi @shwuandwing, thanks for opening this issue. Yes, I can confirm that the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
The ciphertext format returned by the transit engine is of the format
vault:v1:. We would like the "vault" prefix be customizable on per key basis.
like. mycompany:v1:
From a discussion in the mailing list. https://discuss.hashicorp.com/t/what-is-the-vault-ciphertext-format-in-case-i-want-to-parse-it/3574 , Jeff thought it was customizable but in reality it is not.
Describe the solution you'd like
Add a property to each key (ciphertext_prefix), to make the prefix customizable. Note, given how the prefix works, it could be set once on key creation but not modified after that point.
Describe alternatives you've considered
Explain any additional use-cases
Useful in environments utilizing multiple KMS / encryption services (Vault +AWS KMS +GCP KMS+....)
Additional context
None
The text was updated successfully, but these errors were encountered: