generated from coulomb/repo-seed
44 lines
1.2 KiB
Markdown
44 lines
1.2 KiB
Markdown
# Pattern: Key-per-Tenant
|
|
|
|
Status: seed
|
|
Readiness target: RL4 regulated production
|
|
Primary owners: NetKingdom, Railiance platform, product repos
|
|
Genesis family: Secrets and cryptography
|
|
|
|
## Problem
|
|
|
|
Shared encryption keys make tenant data separation and incident
|
|
containment weaker than the tenant model may require.
|
|
|
|
## Context
|
|
|
|
Use this pattern for sensitive tenant data, regulated tenants, object
|
|
storage, databases, backups, and export/deletion workflows.
|
|
|
|
## Forces
|
|
|
|
- Per-tenant keys strengthen isolation and revocation.
|
|
- Key lifecycle is operationally complex.
|
|
- Applications need safe key selection without tenant spoofing.
|
|
- Backups and derived data need the same key boundary.
|
|
|
|
## Solution
|
|
|
|
Assign tenant-specific encryption keys or key hierarchy roots where risk
|
|
requires it. Bind key use to trusted tenant context, policy, audit, and
|
|
rotation procedures.
|
|
|
|
## Verification
|
|
|
|
- Tenant data is encrypted with the correct tenant key or key hierarchy.
|
|
- Cross-tenant key use is denied.
|
|
- Rotation and revocation are tested.
|
|
- Backups and exports preserve tenant key boundaries.
|
|
|
|
## Related Patterns
|
|
|
|
- Tenant Data Partitioning.
|
|
- Tenant Context Propagation.
|
|
- OpenBao runtime secret authority.
|
|
- Central Audit Ledger.
|