US 12,254,099 B2
Autoencryption system for data in a container
Fang Tai L Li, Beijing (CN); Zhi Li Guan, Beijing (CN); Guo Liang Huang, Beijing (CN); Jia Nan Zhang, Beijing (CN); and Heng Li, Beijing (CN)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Aug. 9, 2021, as Appl. No. 17/444,733.
Prior Publication US 2023/0037986 A1, Feb. 9, 2023
Int. Cl. G06F 21/60 (2013.01); G06F 21/64 (2013.01); G06F 21/78 (2013.01)
CPC G06F 21/602 (2013.01) [G06F 21/64 (2013.01); G06F 21/78 (2013.01)]
20 Claims
 
1. A computer-implemented method for managing sensitive data, the method comprising:
identifying, by a computer system, the sensitive data for a group of application containers using configuration information for the group of application containers;
encrypting, by the computer system, the sensitive data identified for the group of application containers and forming encrypted sensitive data;
requesting, by a configuration container in the computer system, the encrypted sensitive data from an encryption service, wherein the configuration container is deployed and runs before the group of application containers;
saving, by the configuration container in the computer system, the encrypted sensitive data to a shared storage used by the group of application containers when the group of application containers is deployed;
determining, by the computer system, whether a change has occurred in the sensitive data identified for the group of application containers using the configuration information for the group of application containers after the sensitive data for the group of application containers was encrypted to form the encrypted sensitive data;
re-encrypting, by the computer system, the sensitive data for the group of application containers with the change and forming updated encrypted sensitive data in response to a determination that the change to the sensitive data for the group of application containers has occurred; and
updating, by the computer system, the encrypted sensitive data with the updated encrypted sensitive data, wherein the updated encrypted sensitive data is used by the group of application containers.