[Shipper][Design] Generate and securely store an encryption key for the shipper's encrypted disk queue #582

@cmacknz

We are adding an encrypted disk queue option to the shipper, which is required for Endpoint security to migrate to the shipper. To encrypt the queue we'll need to generate an encryption key and securely persist it. The scope of this issue is to design how we'll generate this key and how we'll store it when running under the agent.

I believe the key storage added by #398 provides the secure cross-platform storage support we'd need for storing the key. How do we use it to store the queue encryption key? Should the shipper or the agent generate the key? How is the key communicated to the shipper?

Since we are encrypting the disk queue, the encrypted data will persist through upgrades and downgrades of the agent. We will need to carefully think through edge cases related to upgrades.
