CPC H04L 9/0894 (2013.01) [H04L 9/0825 (2013.01); H04L 9/083 (2013.01); H04L 9/0891 (2013.01); H04L 9/0822 (2013.01)]; 20 Claims

1. A method, in a data processing system, of encryption key management for containerized applications, the method comprising:
receiving, by an application container, a request directed to a first wrapped data encryption key (WDEK);
determining whether a local encryption key cache associated with the application container stores an entry having a mapping of the first WDEK to a first unwrapped data encryption key (DEK);
in response to the local encryption key cache not storing the entry, accessing a shared list data structure that stores entries corresponding to WDEKs to be synchronized among a plurality of local encryption key caches of a set of application containers, to determine a set of WDEKs that are missing from the local encryption key cache;
obtaining, from a key management service, the WDEKs and corresponding DEKs for the set of WDEKs that are missing from the local encryption key cache; and
updating the shared list data structure and the local encryption key cache based on the WDEKs and DEKs obtained from the key management service, to thereby synchronize the local encryption key cache with the shared list data structure.
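The steps of claim 1 read as a cache-miss handler: look up the wrapped key locally, on a miss consult the shared list to find every wrapped key the container is behind on, fetch those from the key management service in one go, then bring both the shared list and the local cache up to date. The following is an added example, not code from the patent or any implementation it covers. It assumes a toy in-process key management service (`KeyManagementService`, a constructed HMAC-keystream wrap with no integrity check, used only so the example runs offline), a shared list held as a plain Python list, and two containers sharing that list; all names and values are this example's own.

```python
"""Added example (not from the patent): per-container DEK caches synchronized
through a shared list of wrapped keys, with a constructed KMS stand-in."""
import hashlib
import hmac
import os
from typing import Dict, List


class KeyManagementService:
    """Constructed KMS stand-in. Wrapping XORs the DEK with an HMAC-derived
    keystream under a master key; a real KMS would use an authenticated wrap."""

    def __init__(self, master_key: bytes) -> None:
        self._master = master_key
        self.unwrap_calls = 0  # counts round trips to the KMS

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out, counter = b"", 0
        while len(out) < n:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._master, block, hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def wrap(self, dek: bytes) -> bytes:
        nonce = os.urandom(16)
        ks = self._keystream(nonce, len(dek))
        return nonce + bytes(a ^ b for a, b in zip(dek, ks))

    def unwrap(self, wdek: bytes) -> bytes:
        self.unwrap_calls += 1
        nonce, body = wdek[:16], wdek[16:]
        ks = self._keystream(nonce, len(body))
        return bytes(a ^ b for a, b in zip(body, ks))


class SharedWdekList:
    """Shared list data structure: the WDEKs every container cache should hold.
    It carries only wrapped keys, never unwrapped DEKs."""

    def __init__(self) -> None:
        self.entries: List[bytes] = []

    def add(self, wdek: bytes) -> None:
        if wdek not in self.entries:
            self.entries.append(wdek)


class AppContainer:
    def __init__(self, name: str, shared: SharedWdekList, kms: KeyManagementService) -> None:
        self.name = name
        self.shared = shared
        self.kms = kms
        self.cache: Dict[bytes, bytes] = {}  # local cache: WDEK -> unwrapped DEK
        self.misses = 0

    def get_dek(self, wdek: bytes) -> bytes:
        # Steps 1-2: request directed to a WDEK; check the local cache first.
        dek = self.cache.get(wdek)
        if dek is not None:
            return dek
        self.misses += 1
        # Step 3: from the shared list, determine which WDEKs this container lacks,
        # including the one just requested if no container has registered it yet.
        missing = [w for w in self.shared.entries if w not in self.cache]
        if wdek not in missing:
            missing.append(wdek)
        # Step 4: one KMS call per missing WDEK (batched at the same point).
        fetched = {w: self.kms.unwrap(w) for w in missing}
        # Step 5: update the shared list and the local cache from what was obtained.
        for w in fetched:
            self.shared.add(w)
        self.cache.update(fetched)
        return self.cache[wdek]


def demo() -> dict:
    """Two containers sharing one list; returns counters the test asserts on."""
    kms = KeyManagementService(b"constructed-master-key")  # constructed value
    shared = SharedWdekList()
    a, b = AppContainer("a", shared, kms), AppContainer("b", shared, kms)
    dek1, dek2 = os.urandom(32), os.urandom(32)
    wdek1, wdek2 = kms.wrap(dek1), kms.wrap(dek2)
    ok = a.get_dek(wdek1) == dek1   # miss in a: fetches wdek1
    ok &= a.get_dek(wdek2) == dek2  # miss in a: fetches only wdek2
    ok &= b.get_dek(wdek2) == dek2  # miss in b: shared list says both are missing
    ok &= b.get_dek(wdek1) == dek1  # hit in b: synced on the previous miss
    return {
        "round_trip_ok": ok,
        "kms_unwrap_calls": kms.unwrap_calls,
        "a_misses": a.misses,
        "b_misses": b.misses,
        "b_cache_size": len(b.cache),
        "shared_entries": len(shared.entries),
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes visible is the split between what is shared and what is local: the shared list only ever holds wrapped keys, so it can live in storage reachable by every container without exposing key material, while unwrapped DEKs exist only in each container's own memory. Container `b` also shows the batching effect: its first miss pulls both wrapped keys the shared list knows about, so its next request is served locally.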