Skip to content

Commit

Permalink
feature: key rotation
Browse files Browse the repository at this point in the history
  • Loading branch information
@bruce-ricard
bruce-ricard committed Nov 29, 2023
1 parent 662e384 commit 45e0470
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions docs/credhub-security-faq.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,12 @@ AES key, which CredHub will hold in memory.
This design allows CredHub to have access to the AES key at all times,
without ever having to store it on disk.

Passwords and salts cannot be rotated individually, and they are never
automatically rotated. If you want to rotate either or both of them,
you need to add a new key to CredHub's configuration, and CredHub will
start using that new password and a newly generated salt to create a
fresh AES key.

## How are privileged users prevented from compromising cryptographic
keys?

Expand Down

0 comments on commit 45e0470

Please sign in to comment.