How It Works
Legion::Crypt includes the Cipher module
Legion::Crypt includes the vault module if crypt.vault.enabled is true
The first time Legion::Crypt.encrypt/decrypt is called, it checks whether it already has the cluster secret (CS). If it does not, it works it out in this order:
It first checks whether the cluster secret is in Vault. This makes it safe for all nodes to go offline.
It then checks whether any other nodes are online. If there aren't, it generates a new CS.
If there are consumers, it sends out a message with its public key asking for the cluster secret.
It then verifies the message by trying to decrypt the test string and checking the result against the validation_string.
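The lookup order and the final verification step, as an added sketch that is not Legion::Crypt's own code. The method names, the RSA-OAEP wrapping, the AES-256-GCM test string and the value of the validation string are all assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Constructed value; the page names validation_string but not its contents.
VALIDATION_STRING = 'constructed-validation-string'

# AES-256-GCM is an assumption of this sketch, not a claim about Legion::Crypt.
def seal(secret, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = secret
  iv = c.random_iv
  data = c.update(plaintext) + c.final
  { iv: iv, tag: c.auth_tag, data: data }
end

# Returns the plaintext, or nil when the key is wrong or the data was altered.
def unseal(secret, box)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = secret
  c.iv = box[:iv]
  c.auth_tag = box[:tag]
  c.update(box[:data]) + c.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Peer side: wrap the CS to the requester's public key, add the test string.
def answer_request(cluster_secret, public_pem)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  { wrapped: pub.public_encrypt(cluster_secret, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING),
    test: seal(cluster_secret, VALIDATION_STRING) }
end

# Requester side: Vault first, then generate if alone, else ask a peer and verify.
def resolve_cluster_secret(vault_secret:, peers:)
  return [:vault, vault_secret] if vault_secret
  return [:generated, SecureRandom.random_bytes(32)] if peers.empty?

  key = OpenSSL::PKey::RSA.new(2048)
  reply = peers.first.call(key.public_key.to_pem)
  secret = key.private_decrypt(reply[:wrapped], OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  # Accept the secret only if it decrypts the test string to validation_string.
  return [:rejected, nil] unless unseal(secret, reply[:test]) == VALIDATION_STRING

  [:peer, secret]
rescue OpenSSL::PKey::PKeyError
  [:rejected, nil]
end
```

Here `peers` is a list of callables standing in for the message exchange with other nodes; a reply whose test string does not decrypt to the validation string is rejected rather than adopted as the cluster secret.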