Envelope Encryption

Encrypting Your Encryption Key?? Storing Secrets Securely in AWS

When it comes to storing secrets securely on any platform, there’s usually one go-to solution: data encryption. It’s incredibly hard to decrypt data that’s been encrypted without key. Sounds good, right? So...what’s the catch?Well, the encryption key. That’s the catch. Encryption keys are stored in plaintext format, so if someone with not-so-nice intentions gets their hands on it, there’s really nothing to stop them from decrypting your data and accessing it.To solve this, application security engineers use what’s called Envelope Encryption. What this newfangled technique does is use a ‘master key’ to encrypt the data key which encrypts the data itself. But you might be wondering: “If I encrypt my data key with a master key, how will I protect my master key?”Well, that’s what this video’s about! Our instructor Nithin Jois will be showing you how to first perform envelope encryption, and then use AWS Key Management Service to store and manage your master keys securely. If you’re into AWS security, don’t miss this one!.