)]}'
{"security-guide/source/secrets-management/barbican.rst":[{"author":{"_account_id":6547,"name":"Andreas Jaeger","email":"jaegerandi@gmail.com","username":"jaegerandi"},"change_message_id":"144fb4a39402b6e018a141376741160cbe187e5b","unresolved":true,"context_lines":[{"line_number":61,"context_line":"The PKCS#11 crypto plugin can be used to interface with a Hardware"},{"line_number":62,"context_line":"Security Module (HSM) using the PKCS#11 protocol. Secrets are encrypted"},{"line_number":63,"context_line":"(and decrypted on retrieval) by a project specific Key Encryption Key"},{"line_number":64,"context_line":"(KEK) which in it\u0027s turn encrypted and decrypted with MKEK. MKEK resides in"},{"line_number":65,"context_line":"the HSM along with HMAC. Since a different KEK is used for each project, and"},{"line_number":66,"context_line":"since the KEKs are stored inside a database in encrypted form (instead of in"},{"line_number":67,"context_line":"plaintext in the configuration file) the PKCS#11 plugin is much more"}],"source_content_type":"text/x-rst","patch_set":1,"id":"36cb1f8d_3d01cce1","line":64,"range":{"start_line":64,"start_character":12,"end_line":64,"end_character":32},"updated":"2021-04-27 15:46:19.000000000","message":"The grammar looks wrong in this sentence.","commit_id":"cb7cd0c78638ae818c797bbb8d787b5fdd8711c4"},{"author":{"_account_id":6547,"name":"Andreas Jaeger","email":"jaegerandi@gmail.com","username":"jaegerandi"},"change_message_id":"144fb4a39402b6e018a141376741160cbe187e5b","unresolved":true,"context_lines":[{"line_number":61,"context_line":"The PKCS#11 crypto plugin can be used to interface with a Hardware"},{"line_number":62,"context_line":"Security Module (HSM) using the PKCS#11 protocol. Secrets are encrypted"},{"line_number":63,"context_line":"(and decrypted on retrieval) by a project specific Key Encryption Key"},{"line_number":64,"context_line":"(KEK) which in it\u0027s turn encrypted and decrypted with MKEK. 
MKEK resides in"},{"line_number":65,"context_line":"the HSM along with HMAC. Since a different KEK is used for each project, and"},{"line_number":66,"context_line":"since the KEKs are stored inside a database in encrypted form (instead of in"},{"line_number":67,"context_line":"plaintext in the configuration file) the PKCS#11 plugin is much more"}],"source_content_type":"text/x-rst","patch_set":1,"id":"78202684_c5dea55d","line":64,"range":{"start_line":64,"start_character":54,"end_line":64,"end_character":58},"updated":"2021-04-27 15:46:19.000000000","message":"What\u0027s an MKEK?","commit_id":"cb7cd0c78638ae818c797bbb8d787b5fdd8711c4"},{"author":{"_account_id":6547,"name":"Andreas Jaeger","email":"jaegerandi@gmail.com","username":"jaegerandi"},"change_message_id":"42e4786f32f97ec73b032c8f29932a8b86deee41","unresolved":true,"context_lines":[{"line_number":61,"context_line":"The PKCS#11 crypto plugin can be used to interface with a Hardware"},{"line_number":62,"context_line":"Security Module (HSM) using the PKCS#11 protocol. Secrets are encrypted"},{"line_number":63,"context_line":"(and decrypted on retrieval) by a project specific Key Encryption Key"},{"line_number":64,"context_line":"(KEK). KEK is protected (encrypted) with Master KEK (MKEK). MKEK resides in"},{"line_number":65,"context_line":"the HSM along with HMAC. Since a different KEK is used for each project, and"},{"line_number":66,"context_line":"since the KEKs are stored inside a database in encrypted form (instead of in"},{"line_number":67,"context_line":"plaintext in the configuration file) the PKCS#11 plugin is much more"},{"line_number":68,"context_line":"secure than the simple crypto plugin. It is the most popular back end"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3ab6e29a_d8944e06","line":65,"range":{"start_line":64,"start_character":7,"end_line":65,"end_character":24},"updated":"2021-05-05 07:16:58.000000000","message":"Some articles are needed:\nA KEK is protected .. 
with a Master KEK. An MKEK resides in the HSM along with the HMAC.","commit_id":"36a6a0195fc7e4dbb024d7c14b1913dd663eb4f7"}]}
