Thank you for a great article!
A question regarding the key hierarchy and cost management.
Would you see any problems with only creating a KMS key which is used for encrypting the user AES key. The user AES key is in turn used for encrypting the order AES key. Both encrypted AES keys are stored alongside its record.
I guess my question is, why even create a KMS key for the order if decrypting it already depends on the user key?
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thank you for a great article!
A question regarding the key hierarchy and cost management.
Would you see any problems with only creating a KMS key which is used for encrypting the user AES key. The user AES key is in turn used for encrypting the order AES key. Both encrypted AES keys are stored alongside its record.
I guess my question is, why even create a KMS key for the order if decrypting it already depends on the user key?