The attributes API came out of a requirement for a consulting project that all data be encrypted at rest even if DB was compromised @sgrif
-
-
(Note that this works for some definitions of "at rest" but not others. Guess what: many legal regimes aren't sure what they mean.)
-
I've come to the conclusion that most "technical experts" don't understand limits of encryption for data-in-use & mounted volumes.
End of conversation
New conversation -
-
-
how do you handle keys/passphrases? Having to SSH in whenever the server reboots makes me not want to do this
-
I do exactly that. Other options are "pull them from a server which rigorously logs/audits/authorizes access to secrets."
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.