I’ve covered quite a few different topics related to Oracle Functions recently on this blog, but today I’ll cover what probably should have been the first post in this series. In my previous posts, I showed you how to set configuration variables for your applications and functions, but I have yet to show you how to keep those variables secure. In this post, we’ll look at using Key Management in your Oracle Cloud tenancy to encrypt and decrypt your configuration to do just that.
Since this process involves multiple steps, I thought it would be helpful to give you an outline of the steps that we’re going to take:
· Create a KMS vault
· Create a Master Encryption Key
· Generate a Data Encryption Key (DEK) from the Master Encryption Key
· Use the DEK plaintext return value to encrypt the sensitive value (offline)
· Store the encrypted sensitive value as a config variable in the serverless application
· Store the DEK ciphertext and the initVector used to encrypt the sensitive value as Function config variables
· Within the function, decrypt the DEK ciphertext back into plaintext using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK
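The outline above, end to end, as an added example (not code from the original post): the offline half produces the three config values, and the function half unwraps the DEK and recovers the secret. Assumptions: AES-256-GCM as the cipher, the config key names, and a local `masterKey` with `mock*` helpers standing in for the OCI KMS calls so the sketch runs offline.

```javascript
const crypto = require('crypto');

// Stand-in for the vault's Master Encryption Key (assumption: in OCI it never leaves KMS).
const masterKey = crypto.randomBytes(32);

// AES-256-GCM (assumed mode); the 16-byte auth tag is appended to the ciphertext.
function seal(key, iv, plaintext) {
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  return Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()]);
}
function open(key, iv, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(sealed.subarray(sealed.length - 16));
  // final() throws if the ciphertext, IV or key does not match the tag
  return Buffer.concat([d.update(sealed.subarray(0, sealed.length - 16)), d.final()]);
}

// Hypothetical mock of "generate a DEK": plaintext key plus the same key wrapped by the master key.
function mockGenerateDek() {
  const plaintext = crypto.randomBytes(32);
  const wrapIv = crypto.randomBytes(12);
  return { plaintext, ciphertext: Buffer.concat([wrapIv, seal(masterKey, wrapIv, plaintext)]) };
}
// Hypothetical mock of the KMS decrypt call made from inside the function.
function mockKmsDecrypt(dekCiphertext) {
  return open(masterKey, dekCiphertext.subarray(0, 12), dekCiphertext.subarray(12));
}

// Offline half: encrypt the sensitive value with the DEK plaintext, then discard that plaintext.
// Only ciphertexts and the IV end up in config (key names are hypothetical).
function buildConfig(secret) {
  const dek = mockGenerateDek();
  const iv = crypto.randomBytes(12);
  return {
    ENCRYPTED_VALUE: seal(dek.plaintext, iv, Buffer.from(secret, 'utf8')).toString('base64'),
    DEK_CIPHERTEXT: dek.ciphertext.toString('base64'),
    INIT_VECTOR: iv.toString('base64'),
  };
}

// Function half: unwrap the DEK via KMS, then decrypt the value with the stored IV.
function readSecret(config) {
  const dek = mockKmsDecrypt(Buffer.from(config.DEK_CIPHERTEXT, 'base64'));
  const iv = Buffer.from(config.INIT_VECTOR, 'base64');
  return open(dek, iv, Buffer.from(config.ENCRYPTED_VALUE, 'base64')).toString('utf8');
}
```

With an authenticated mode such as GCM, a config value that has been altered makes `readSecret` throw instead of returning garbage.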