[GitHub] [pulsar] Subash-Kunjupillai opened a new issue #7326: Support for frequently changing private / public keys

[GitBox <gi...@apache.org>]

Subash-Kunjupillai opened a new issue #7326:
URL: https://github.com/apache/pulsar/issues/7326


   **Is your feature request related to a problem? Please describe.**
   As per the current implementation, if I need to encrypt messages, I need to provide the public and private key based on which the messages are encrypted and decrypted. Lets say I need to change the key at producer end, in that case, the messages which were encrypted with the old keys will not be accessible by consumer as the keys would have been updated at consumer end in-order to handle the new messages. Due to this, we will be left in a situation where we could not update the encryption keys frequently to adhere to the strict security policies of few organizations.
   
   **Describe the solution you'd like**
   I'm not very sure how this will work, but on a high level can we have something like, supporting multiple keys at consumer end (old and new). So that, it can decrypt the messages with both the keys until all the messages encrypted with old keys are consumed. 
   
   **Describe alternatives you've considered**
   This is kind of a restriction to implement frequently changing keys in our environment and we are looking for this feature to be implemented.
   
   **Additional context**
   This was discussed in user mailing list and according to @sijie recommendation raising this issue.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org