
Hello,

I would like to enable encryption on Kasten using Customer Managed Keys (not AWS).

I read the documentation and I want to be sure of the process (Reference: https://docs.kasten.io/latest/install/configure.html#passkey-management)

By default, Kasten is using encryption by generating a passphrase automatically. It is also possible to specify a passphrase during the installation to set up the encryption. Correct?

By default, Kasten is always using the same encryption key/passkey (no automatic rotation) but it is possible to add new same encryption keys/passkeys using the “Creating Passkeys” chapter instructions. Correct?

By default, Kasten is not deleting encryption keys/passkeys but is Kasten also capable of restoring data that uses the old encryption keys/passkeys while those still exist but are not used anymore (usenow=false)?

Thank you for your answer.

Best regards,

Hi @KastenJohn - thanks for your question. 

This blog describes how Kasten encryption works in great detail. Take a look and let me know if you have any more questions.

https://carpal-caribou-7e5.notion.site/Deep-Dive-Encryption-in-Kasten-c770988bbff549b6b69ddcce28ff8fea

You may also find this helpful: https://carpal-caribou-7e5.notion.site/Protecting-Kasten-Snapshots-Using-Vault-e316fefa921946b9be8b19497b39cf7c 

There is also a community-supported key rotation method using our default PassKeys if you are not using your own KMS (Vault, AWS): https://github.com/MoritzKn/kasten-key-rotation - I encourage you to reach out to the author for any questions.


Hello Joey,

Thank you very much for these links, everything is more clear now!

I will update this post once I implement this solution!

