Techly NewsGet the app

Get the latest tech news

Upgrading 3M Variables to Envelope Encryption


The path to bare metal was blocked by KMS. This is the story of how we rid ourselves of that dependency by migrating more than three million variables to envelope encryption.

Moving to bare metal gets us the margins required to build a profitable business but, even disregarding cost, relying on a single infrastructureprovider is a huge technical risk. This means that for each deployment (or other action), the encryption helper decrypts the necessary DEK once and caches it in memory for further operations, reducingthe 100+ trips to KMS to 1. Not only do we get these direct benefits but we’ve also already used this envelope encryption system to persist credentials for our recently-released Private Registry Support.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of encryption

encryption

Photo of variables

variables

Related news:

News photo

Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption

News photo

Minibone: practical end-to-end encryption for web apps

News photo

German government publishes law to guarantee 'right to encryption'

« Firefox Proton UI userChrome.css fixes. (2021)
Amazon is filled with garbage e-books, this is how they get made »