Privacera Platform master publication

Key Encryption Key (KEK)
:

A KEK encrypts the Data Encryption Key (DEK).

KEKs are encrypted with the Master Key.

The KEKs are stored and managed in Apache Ranger KMS. Apache Ranger KMS manages the KEK keys to either encrypt DEKs to create Encrypted Data Encryption Keys (EDEKs) or to decrypt EDEKs.

  • If a KEK is deleted, any associated encrypted data cannot be decrypted.