
1.5.2 release

@kevinAlbs kevinAlbs released this 29 Jul 21:04
· 529 commits to master since this release
8f8675f

ChangeLog

1.5.2

Fixed

Fix a potential data corruption bug in RewrapManyDataKey when rotating encrypted data encryption keys backed by GCP or Azure key services.

The following conditions will trigger this bug:

  • A GCP-backed or Azure-backed data encryption key being rewrapped requires fetching an access token for decryption of the data encryption key.

The result of this bug is that the key material for all data encryption keys being rewrapped is replaced by new randomly generated material, destroying the original key material.

To mitigate potential data corruption, upgrade to this version or higher before using RewrapManyDataKey to rotate Azure-backed or GCP-backed data encryption keys. A backup of the key vault collection should always be taken before key rotation.
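A preflight guard for the mitigation above, as an added example that is not part of libmongocrypt or its release notes. The function names are hypothetical. It assumes the libmongocrypt version string has already been obtained from the driver binding in use, and that each key vault document records its KMS provider under `masterKey.provider`.

```python
import re

FIXED = (1, 5, 2)                    # first release with the fix, per this changelog
TOKEN_PROVIDERS = {"gcp", "azure"}   # providers named in the changelog

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for '1.5.2' or '1.5.2-rc0'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(-\S+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised libmongocrypt version: {text!r}")
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def has_fix(version_text):
    core, prerelease = parse_version(version_text)
    # Assumption: a pre-release build of 1.5.2 is treated as unfixed, to stay conservative.
    return core > FIXED or (core == FIXED and not prerelease)

def rewrap_preflight(version_text, key_docs, backup_taken):
    """Return the reasons a rewrap of key_docs should not run; empty list means proceed."""
    reasons = []
    risky = [d["_id"] for d in key_docs
             if d.get("masterKey", {}).get("provider") in TOKEN_PROVIDERS]
    if risky and not has_fix(version_text):
        # The bug replaces key material for every key in the batch, not only the risky ones.
        reasons.append(f"libmongocrypt {version_text} predates 1.5.2 and the batch holds "
                       f"GCP/Azure-backed keys {risky}; all {len(key_docs)} keys are at risk")
    if not backup_taken:
        reasons.append("no backup of the key vault collection has been taken")
    return reasons

# Constructed sample key vault documents (fields trimmed; ids are placeholders).
SAMPLE_KEYS = [
    {"_id": "key-1", "masterKey": {"provider": "aws"}},
    {"_id": "key-2", "masterKey": {"provider": "gcp"}},
    {"_id": "key-3", "masterKey": {"provider": "azure"}},
]

if __name__ == "__main__":
    for version in ("1.5.1", "1.5.2"):
        problems = rewrap_preflight(version, SAMPLE_KEYS, backup_taken=True)
        print(version, "->", problems or "ok to rewrap")
```

Run the check against the exact filter that will be passed to RewrapManyDataKey, since one GCP-backed or Azure-backed key in the batch puts every key in that batch at risk.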