[Shipper][Design] Generate and securely store an encryption key for the shipper's encrypted disk queue #582
Assignees
Labels
Comments
cmacknz
added
Team:Elastic-Agent-Control-Plane
7 tasks
|
CC @ph @leehinman |
7 tasks
|
Closing as duplicate of elastic/elastic-agent-shipper#121 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We are adding an encrypted disk queue option to the shipper which is required for Endpoint security to migrate to the shipper. To encrypt the queue we'll need to generate an encryption key and securely persist it. The scope of this issue is to design how we'll generate this key and how we'll store it when running under the agent.
I believe the key storage added by #398 provides the secure cross-platform storage support we'd need for storing the key. How do we use it to store the queue encryption key? Should the shipper or the agent generate the key? How is the key communicated to the shipper?
Since we are encrypting the disk queue, the encrypted data will persist through upgrades and downgrades of the agent. We will need to carefully think through edge cases related to upgrades.
The text was updated successfully, but these errors were encountered: