Description
What is the problem you want to solve?
I want to be able to use the filesystem target in production, but since the keys are not encrypted at rest, it would be insecure to do so. Also, the docs specifically recommend to not use the filesystem in production.
How do you want to solve it?
Encrypt keys and other sensitive data at rest. I don't know what it would take to accomplish this, but at the very least I imagine a private key or asymmetric key would have to be provided at startup to unlock the files.
Additional context
- Are there alternative solutions?
Yes, using a 3rd party KMS (i.e. AWS or GCP) or self-hosting a KMS like Vault. The issue with these solutions is that it requires you to become dependent on a 3rd party for hosting, pricing, availability, etc. The next best solution for me is to use Vault, but considering the Business Source Licensing fiasco they're in I don't know if I can use their product for my company. This is me just being picky; if all else fails I can (and probably will) just choose one of these 3rd parties as my primary KMS.
I love that KES is AGPLv3 licensed, but (in my opinion) that freedom gets diminished when you have to use a proprietary and/or 3rd party service as your source of truth. If KES could be its own source of truth this would allow you to use it as your primary KMS, which would be great for small applications and on-prem deployments.
- Would your solution cause a major breaking API change?
For the filesystem target, yes. Alternatively we could create a new "secure filesystem" target, and then keep the existing filesystem target.
- Anything else that is important?
I'm planning on using KES for a single application in a self-hosted environment, and thus won't be needing/using the scalability of KES. I like that KES is minimal and has an easy to use API, something that most/all KMS systems I've looked at don't seem to have. I understand that adding encryption at rest would make it such that KES cannot be scaled horizontally, and this might go against the goals of KES. I'm mainly opening this issue to see if you would consider this path in the first place, and if so, what sort of effort it would take to accomplish.
Thanks!
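To make the proposal above concrete, here is an added example (not KES code, and not a design the KES maintainers have endorsed) of what a "secure filesystem" target could look like: a hypothetical `Store` type that keeps one file per key, encrypts each file with AES-256-GCM under a per-entry key derived (HMAC-SHA256) from a 32-byte master key the operator supplies at startup, binds each ciphertext to its entry name as associated data so a blob copied to another file name will not open, and rejects names that could escape the store directory. The `Store`, `NewStore`, `Put` and `Get` names and the `KES_FS_MASTER_KEY` environment variable used in `main` are assumptions for this example only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Store is a hypothetical "secure filesystem" keystore: one file per entry,
// every file sealed under a key derived from a master key held only in memory.
type Store struct {
	dir    string
	master []byte // 32-byte master key supplied at startup, never written to disk
}

// NewStore validates the master key and creates the store directory (0700).
func NewStore(dir string, master []byte) (*Store, error) {
	if len(master) != 32 {
		return nil, errors.New("master key must be exactly 32 bytes")
	}
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	return &Store{dir: dir, master: master}, nil
}

// validName rejects path separators and dot names so an entry name can never
// address a file outside the store directory.
func validName(name string) bool {
	return name != "" && name != "." && name != ".." &&
		!strings.ContainsAny(name, `/\`) && filepath.Base(name) == name
}

// entryKey derives a distinct AES-256 key per entry with HMAC-SHA256 over a
// fixed label and the entry name, so entries are not all under one raw key.
func (s *Store) entryKey(name string) []byte {
	mac := hmac.New(sha256.New, s.master)
	mac.Write([]byte("secure-fs-entry:" + name))
	return mac.Sum(nil)
}

func (s *Store) gcm(name string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(s.entryKey(name))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put seals secret under the entry key with a random nonce; the entry name is
// the associated data, so the blob only opens under the name it was sealed for.
func (s *Store) Put(name string, secret []byte) error {
	if !validName(name) {
		return fmt.Errorf("invalid entry name %q", name)
	}
	aead, err := s.gcm(name)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	blob := aead.Seal(nonce, nonce, secret, []byte(name)) // file = nonce || ciphertext || tag
	return os.WriteFile(filepath.Join(s.dir, name), blob, 0o600)
}

// Get reads the blob and opens it; a wrong master key, a tampered file, or a
// blob copied from another entry all fail authentication here.
func (s *Store) Get(name string) ([]byte, error) {
	if !validName(name) {
		return nil, fmt.Errorf("invalid entry name %q", name)
	}
	blob, err := os.ReadFile(filepath.Join(s.dir, name))
	if err != nil {
		return nil, err
	}
	aead, err := s.gcm(name)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(name))
}

func main() {
	// Assumed startup contract: the master key arrives as 64 hex chars in the
	// environment (a file, TPM-sealed blob or operator prompt would also do).
	master, err := hex.DecodeString(os.Getenv("KES_FS_MASTER_KEY"))
	if err != nil || len(master) != 32 {
		fmt.Println("KES_FS_MASTER_KEY must be 64 hex characters")
		os.Exit(1)
	}
	s, err := NewStore("./secure-fs-keys", master)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	if err := s.Put("my-key", []byte("constructed sample key material")); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	got, err := s.Get("my-key")
	fmt.Printf("recovered %q, err=%v\n", got, err)
}
```

Two points worth noting against the issue's own concerns: the master key is exactly the "private key provided at startup" the request describes, and because every node would need the same master key the design does nothing to make the filesystem target horizontally scalable, which matches the trade-off acknowledged above.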