Automatic data encryption and decryption with Clevis and Tang

Conclusions

Clevis and Tang make data decryption a completely automatic process. Clevis relies on Tang, so decryption only works if the Tang server is available. Under no circumstances does the actual key cross the wire; instead, it is recalculated during the recovery process. Policies can be defined using the SSS (Shamir's Secret Sharing) algorithm so that different data encryption and decryption methods are used where necessary.
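The following added example (not code from the article or from the Clevis/Tang projects) sketches a McCallum-Relyea style exchange to show how a key can be recalculated without ever being transmitted. It assumes a toy multiplicative group modulo a prime instead of the elliptic curve used in practice, and all names (`TangServer`, `provision`, `recover`, `demo`) are hypothetical.

```python
# Added illustration: key recovery without sending the key (toy group, stdlib only).
import secrets

P = 2**255 - 19   # a known prime, used here as a toy modulus (assumption, not Tang's group)
G = 2             # assumed base element for the toy group

def rand_exp():
    """Random private exponent in [2, P-2]."""
    return secrets.randbelow(P - 3) + 2

class TangServer:
    """Holds a private exponent s and advertises S = G^s."""
    def __init__(self):
        self._s = rand_exp()
        self.public = pow(G, self._s, P)
        self.wire = []                    # values exchanged during recovery

    def recover(self, x):
        y = pow(x, self._s, P)            # Y = X^s; the server never learns K
        self.wire += [x, y]
        return y

def provision(server_pub):
    """Encryption time: derive K = S^c, keep only C = G^c, discard c."""
    c = rand_exp()
    return pow(server_pub, c, P), pow(G, c, P)

def recover(server, server_pub, c_pub):
    """Decryption time: blind C with a fresh e, query the server, unblind."""
    e = rand_exp()
    x = (c_pub * pow(G, e, P)) % P        # X = C * G^e hides C from the server
    y = server.recover(x)
    s_e_inv = pow(pow(server_pub, e, P), P - 2, P)  # (S^e)^-1 via Fermat
    return (y * s_e_inv) % P              # K = Y / S^e

def demo():
    server = TangServer()
    key, c_pub = provision(server.public)
    recovered = recover(server, server.public, c_pub)
    return key, recovered, c_pub, server.wire

if __name__ == "__main__":
    key, recovered, c_pub, wire = demo()
    print("key recalculated:", key == recovered)
    print("key seen on the wire:", key in wire)
```

Without a reachable server there is no `Y` to unblind, which is why decryption fails when Tang is unavailable.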
