Oct 24
How to set up a Per-File Encryption architecture
I would like to set up a per-file encryption architecture where every file is encrypted with its own key, and each key is encrypted using a master key.
Are there any good articles to read regarding this? Or any advice?
The questions I have are basically:
- Where to store each file key
- Where to store the master key
- How to re-encrypt files if I do a key rotation
- How to rotate the keys
My files are stored in an on-premises S3. I also have a relational database, and I'm using Vault (HashiCorp).
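The scheme described in the question, as an added example that is not part of the original post: each file is sealed with its own fresh AES-256-GCM key, that key is wrapped under the master key, and rotating the master key re-encrypts only the small wrapped key, never the file itself. The master keys here are local 32-byte values standing in for a key held in a KMS such as Vault (an assumption), and all function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func gcm(key *[32]byte) cipher.AEAD { // fixed 32-byte key: neither call can fail
	blk, _ := aes.NewCipher(key[:])
	a, _ := cipher.NewGCM(blk)
	return a
}

// seal returns nonce || AES-256-GCM ciphertext and tag; open authenticates and reverses it.
func seal(key *[32]byte, pt []byte) []byte {
	a := gcm(key)
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe fallback without randomness
	}
	return a.Seal(nonce, nonce, pt, nil)
}

func open(key *[32]byte, box []byte) ([]byte, error) {
	a := gcm(key)
	if len(box) < a.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, box[:a.NonceSize()], box[a.NonceSize():], nil)
}

// EncryptFile seals file under a fresh key, then wraps it with master (local stand-in for a KMS key).
func EncryptFile(master *[32]byte, file []byte) (blob, wrapped []byte) {
	var dek [32]byte
	if _, err := rand.Read(dek[:]); err != nil {
		panic(err)
	}
	return seal(&dek, file), seal(master, dek[:])
}

// Rewrap rotates the master key: only the wrapped key changes, never the blob.
func Rewrap(oldM, newM *[32]byte, wrapped []byte) ([]byte, error) {
	dek, err := open(oldM, wrapped)
	if err != nil {
		return nil, err
	}
	return seal(newM, dek), nil
}
```

Rotating an individual file key, by contrast, means decrypting that file's blob and sealing it again under a new key.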