Key Management Design – Separation and Rotation #1925
Replies: 1 comment
-
|
Tn thunder, we do not use keystores, instead we pass the keys directly to the conffiguration files making the key management out of Thunder.
In Thunder, we already have 2 different default keys (Signing and TLS) [1]. We do not need internal keystores for Thunder.
We already have the ability to use multiple keystore and map the key alias to different protocols [1]. We need to improve this to use different keys in different applications [2]. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Below are some common key management requirements that may be needed for Thunder, along with a possible approach to modularizing them.
1. Key Separation Capability
We may need to support key separation in the following scenarios:
Deployment-level separation
We can allow different keys for different purposes:
Initially, we can start with a single key used for all three purposes, but the system should provide the capability to separate them when required.
Protocol-level separation
Separate keys for protocols such as OIDC and SAML.
Application-level separation
This was suggested earlier — to support application-specific keys for signing and encryption.
Typically, internal keys are not rotated, but primary keys and protocol/application-level keys may require rotation.
2. Key Rotation
Primary keys must be rotated and should have proper expiration dates. Therefore, we need a proper key rotation mechanism where:
Initial Scope Suggestion
For the initial phase, it would be better to focus on:
More advanced separation (protocol-level and application-level keys) can be added later.
Beta Was this translation helpful? Give feedback.
All reactions