During my trial implementation with DBIx::Class::EncodedColumn::Crypt::OpenPGP I've hit on a notion regarding key storage which I'm wary of being security theatre and/or reinventing a wheel, and would appreciate some guidance.
Context-wise, I'm working towards a VPS in a 3rd party data center installation where security is more important than uptime. It's based in Switzerland but that's no reason to be complacent.
Since shared secrets can be stored in a .pm, is there any particular reason said .pm should not be stored on some separate machine and downloaded, loaded and deleted at initial run time when the system resides in a persistent execution environment, e.g. Catalyst? If the key host is switched on solely when the system is manually started I don't see how it would be possible to access the secrets barring physical access to the server and data recovery tools. Furthermore, if this is a good idea someone more experienced than I has surely done it already.
Thoughts?
In reply to Re^2: Effective database column level encryption?
by maruhige
in thread Effective database column level encryption?
by maruhige
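An added example, not part of the original post or of any module it names: one way the "load and delete" step at startup could look in Perl, assuming the fetch has already placed the secret at a local path. The helper name `load_and_discard_secret` and the sample secret are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);
use File::Temp qw(tempfile);
use IO::Handle;

# Hypothetical helper: read a fetched secret into memory, then remove the
# on-disk copy. Dies if the file is not safe to trust.
sub load_and_discard_secret {
    my ($path) = @_;

    # O_NOFOLLOW refuses a symlink planted at the expected path.
    sysopen(my $fh, $path, O_RDWR | O_NOFOLLOW) or die "open $path: $!\n";

    my @st = stat($fh) or die "stat $path: $!\n";
    die "$path: not a regular file\n"     unless S_ISREG($st[2]);
    die "$path: not owned by this user\n" unless $st[4] == $>;
    die "$path: group/other can access\n" if $st[2] & (S_IRWXG | S_IRWXO);

    my $size = $st[7] or die "$path: empty\n";
    my $got  = sysread($fh, my $secret, $size);
    die "$path: short read\n" unless defined $got && $got == $size;

    # Best-effort overwrite: journaling/copy-on-write filesystems and SSD
    # wear levelling can keep old blocks, so this does not defeat recovery
    # tools on its own. A RAM-backed mount (tmpfs) avoids the disk entirely.
    sysseek($fh, 0, 0) or die "seek $path: $!\n";
    my $wrote = syswrite($fh, "\0" x $size);
    die "$path: overwrite failed\n" unless defined $wrote && $wrote == $size;
    $fh->sync;
    close($fh) or die "close $path: $!\n";
    unlink($path) or die "unlink $path: $!\n";

    return $secret;   # now lives only in process memory (and possibly swap)
}

# Constructed sample: a throwaway file standing in for the fetched secret.
my ($tmp, $path) = tempfile();
print {$tmp} "constructed-passphrase-not-a-real-key";
close($tmp) or die "close: $!\n";

my $secret = load_and_discard_secret($path);
printf "loaded %d bytes; file still present: %s\n",
    length($secret), (-e $path ? "yes" : "no");
```

After this runs the secret is still readable by anything that can inspect the process's memory, so the scheme narrows exposure to the running process rather than removing it.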