Hi everyone,
I’m a software developer doing some research in cryptography right now. I got to understand the basics and moved on to encryption key storage and management. I stumbled upon Vault and I want to use it as EaaS for now. But there are a few concepts I have trouble understanding and integrating in my app.
- I want to encrypt some data, and I just create a new named key, send data to Vault and get encrypted data. Neat! But how does this work with multiple users? Should I generate a named key per user? Or maybe use one master named key with derivation and derive a key per data encryption?
- If key derivation is active, is it safe to store the context with the data, or should it be somehow encrypted, with a different named key?
- If I understand correctly, I could use ACL templating to restrict access to keys only to the user to whom said key is assigned. But to do that, when a user registers in my app, should I also create an entity and alias for that user?
I suppose I have many more questions since the amount of information I learned recently is huge, but gotta start somewhere.
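As an added example that is not part of the original post, this is the kind of templated Vault policy the third question is about. It assumes the transit engine is mounted at `transit/` and that a trusted backend (not the end user) creates one key per user named after that user's identity entity ID.

```hcl
# Added example: per-user transit policy using ACL templating.
# Assumptions (not from the post): transit is mounted at "transit/", and a
# trusted backend has already created a key named after each user's
# identity entity ID, i.e. transit/keys/<entity-id>.

# The logged-in entity may only encrypt and decrypt with its own key.
# Encrypt and decrypt are POST operations, so they need "update".
path "transit/encrypt/{{identity.entity.id}}" {
  capabilities = ["update"]
}

path "transit/decrypt/{{identity.entity.id}}" {
  capabilities = ["update"]
}

# The entity may read its key's metadata, but not reconfigure or export it;
# creating and configuring keys stays with the trusted backend.
path "transit/keys/{{identity.entity.id}}" {
  capabilities = ["read"]
}

# Vault denies everything not listed, so a token for entity A cannot reach
# transit/encrypt/<entity-B-id> even though both keys live in one mount.
```

The `{{identity.entity.id}}` template only renders for tokens that belong to an identity entity, so each app user does need an entity with an alias for the auth method they log in with, which is what the third question suggests.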