Custom Encryption Key
By default the backups are encrypted with a general encryption key defined in
the a9s Backup Manager.
The application developer can customize the backup encryption key for each
service instance in the a9s Service Dashboard. The default minimum length for
the customized encryption key is 8
.
Important:
- When an application developer changes the custom encryption key again he is no longer able to download backups with the old custom encryption key.
- The encryption key can only be set directly on the a9s Backup Manager config
file or via the a9s Service Dashboard. It is not configurable by ops-file.
The
backup_manager_encryption_key
from the ops-file is only used to encode the database columns.
Set min length for custom encryption key
You can configure a minimum length for the backup encryption keys that developers can configure in the a9s Service Dashboard.
Configuration
You can use the Ops file backup-service-min-key-length.yml
and dashboard-app-min-key-length
and the variable custom_encryption_key_min_length
to set the minimum length.
You can set the variable either in CredHub or add this value via the
--var custom_encryption_key_min_length=16
flag to the bosh deploy
command.