Key Management

To support Data at Rest Encryption (D@RE), ECS maintains a hierarchy of encryption keys where a parent key in the hierarchy is used to protect a child key. Prior to ECS 3.3, these keys were natively managed by ECS across the geo-federated environment. From ECS 3.3, support for certain External Key Management solutions that are Key Management Interoperability Protocol (KMIP) compliant have been added. Further to support industry standard practices, ECS 3.3 now supports user initiated key rotation to limit amount of data protected by any given key. Please note key rotation is available for both native and external key management.