Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables by Todd Sharp


I’ve covered quite a few different topics related to Oracle Functions recently on this blog, but today I’ll cover what probably should have been the first post in this series. In my previous posts, I showed you how to set configuration variables for your applications and functions, but I have yet to show you how to keep those variables secure. In this post, we’ll look at using Key Management in your Oracle Cloud tenancy to encrypt and decrypt your configuration to do just that.

Since this process involves multiple steps, I thought it would be helpful to give you an outline of the steps that we’re going to take:

· Create a KMS vault

· Create a Master Encryption Key

· Generate a Data Encryption Key (DEK) from the Master Encryption Key

· Use the DEK plaintext return value to encrypt the sensitive value (offline)

· Store the encrypted sensitive value as a config variable in the serverless application

· Store the DEK ciphertext and the initVector used to encrypt the sensitive value as Function config variables

· Within the function, decrypt the DEK ciphertext back into plaintext using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK

· Read the complete article here.

Developer Partner Community

For regular information become a member in the Developer Partner Community please register here.

clip_image003 Blog clip_image005 Twitter clip_image004 LinkedIn image[7][2][2][2] Facebook image Meetups

Technorati Tags: PaaS,Cloud,Middleware Update,WebLogic, WebLogic


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.