I am pretty new to Vault, but I am pretty much in love with it. I am trying to figure out how to implement user access to the transit engine.
The use case I am building is to encrypt a user defined text blob and store that in a db.
Transit seemed like the right engine to use, though I am open to other engines I may have overlooked.
The system would ideally have many users that can encrypt a blob that only they could access. My current design would have a single transit engine deployed and each user, upon creation, would get their own key ring added. Then use that key ring to encrypt the data blob.
Am I understanding the use of each of those pieces correctly?
Finally, what would be the best way to store access to the key ring? Should Vault handle the IAM? That seems like an overcomplication, but I just was hoping for other people’s thoughts to make sure I am not missing anything.
Thanks for any feedback.
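One way to express the per-user key design above as a single Vault ACL policy, added here as an example and not code from the original post. It assumes the transit engine is mounted at `transit/` and that each user's key is named after their Vault identity entity ID; the policy uses Vault's ACL templating so one policy covers every user, and each user can only reach their own key:

```hcl
# Added example policy (assumption: transit mounted at "transit/", each
# user's key is named after their identity entity ID).

# Create the user's own key on first use and read its metadata.
path "transit/keys/{{identity.entity.id}}" {
  capabilities = ["create", "read", "update"]
}

# Encrypt and decrypt only with that key; other users' key names never match.
path "transit/encrypt/{{identity.entity.id}}" {
  capabilities = ["update"]
}

path "transit/decrypt/{{identity.entity.id}}" {
  capabilities = ["update"]
}

# Re-encrypt stored ciphertext under the newest key version after a rotation,
# without the plaintext ever leaving Vault.
path "transit/rewrap/{{identity.entity.id}}" {
  capabilities = ["update"]
}

# Allow key rotation, but deliberately grant nothing on transit/export/*
# and no "delete" on the key, so a user cannot extract or destroy it.
path "transit/keys/{{identity.entity.id}}/rotate" {
  capabilities = ["update"]
}
```

Write it with `vault policy write user-transit user-transit.hcl` and attach it to the group or auth-method role that users log in through; the first `vault write -f transit/keys/<entity-id>` creates the key, and every later call is scoped by the template. Using the entity ID rather than the entity name avoids collisions and characters that are awkward in path names, and keeping the authorization in Vault's policy rather than in the application means the application's own token cannot decrypt a blob on a user's behalf unless that user has authenticated.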