US 12,135,612 B2
Snapshotting hardware security modules and disk metadata stores
Suryanarayanan Balasubramanian, Redmond, WA (US); Augustine Varun Mathew, Austin, TX (US); and Hamidreza Eftikhar-Dadkhah, Seattle, WA (US)
Assigned to Oracle International Corporation, Redwood Shores, CA (US)
Filed by Oracle International Corporation, Redwood Shores, CA (US)
Filed on Apr. 12, 2022, as Appl. No. 17/719,010.
Claims priority of provisional application 63/194,023, filed on May 27, 2021.
Prior Publication US 2022/0382637 A1, Dec. 1, 2022
Int. Cl. G06F 11/00 (2006.01); G06F 11/14 (2006.01); H04L 9/08 (2006.01)
CPC G06F 11/1435 (2013.01) [G06F 11/1464 (2013.01); G06F 11/1469 (2013.01); H04L 9/0825 (2013.01); H04L 9/0877 (2013.01); G06F 2201/84 (2013.01)]
20 Claims
1. A method for capturing snapshots of key management data across a series of nodes in a cloud infrastructure, the method comprising:
    requesting, by a snapshot orchestrator, a plurality of snapshot instances from a plurality of nodes in a cloud infrastructure service, wherein:
        the cloud infrastructure service stores keys for components across the cloud infrastructure, and maintains log records of the keys,
        individual snapshot instances, of the plurality of snapshot instances:
            correspond to respective entries in the log records, and
            comprise modifications to a plurality of client keys maintained by respective nodes of the plurality of nodes, and
        the plurality of client keys decrypt client data stored across the cloud infrastructure service;
    obtaining, by the snapshot orchestrator from the plurality of nodes:
        the plurality of snapshot instances, and
        metadata corresponding to the plurality of snapshot instances;
    verifying the plurality of snapshot instances received from the plurality of nodes include data intelligible to recover states of the plurality of client keys; and
    responsive to verifying the plurality of snapshot instances, storing the plurality of snapshot instances and the metadata at a storage node, allowing for subsequent retrieval of the plurality of snapshot instances and recreation of the modifications to the plurality of client keys at any of the plurality of nodes.