You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now we need to turn off encryption at rest for a universe that is currently encrypted at rest through RPC. Add the ability to trigger disabling encryption through the YW UI.
The text was updated successfully, but these errors were encountered:
Summary:
- Can now rotate encryption at rest universe keys for an already-existing universe.
- If the EncryptionAtRestService::createKey/rotateKey calls fail to generate a new universe key, we do not default to a self-generated universe key anymore. In the case of enabling encryption at rest during a universe creation, a failure results in defaulting to an unencrypted universe. In the case of setting the key for an existing universe, it outright fails the set key API request.
- Can specify the set-key operation that is being run (supports "ENABLE" and "DISABLE" at the moment).
Test Plan:
Rotate universe key for a universe already encrypted at rest using the
```
/customers/:cUUID/universes/:uniUUID/set_key
```
API -> ensure the universe is encrypted using a new encryption key file (file name should be suffixed with how many different keys have been set on that specific universe).
Disable encryption at rest by hitting the same endpoint with a
```
"key_op": "DISABLE"
```
k/v added to the normal payload
Reviewers: sanketh, ram
Reviewed By: ram
Subscribers: rahuldesirazu, jenkins-bot, yugaware
Differential Revision: https://phabricator.dev.yugabyte.com/D7445
Right now we need to turn off encryption at rest for a universe that is currently encrypted at rest through RPC. Add the ability to trigger disabling encryption through the YW UI.
The text was updated successfully, but these errors were encountered: