Storing email messages in a public cloud such as AWS S3 can be insecure and unacceptable. ElasticInbox supports encryption of email blobs using AES (AES-CBC with PKCS5 padding is the only supported cipher mode at the moment).
To enable encryption, first create a Java JCE keystore and add at least one symmetric key to it. The following command generates a new AES-128 key with the alias mykey1 and adds it to the keystore:
NOTE: The same password must be used for the keystore and the key.
Next, enable encryption in the ElasticInbox config file and add the key alias:
```yaml
# encrypt objects written to the blob store
blobstore_enable_encryption: true
blobstore_default_encryption_key: mykey1
# encryption settings
encryption:
  keystore: "elasticinbox.ks"
  keystore_password: mysecret
```
All new messages will be encrypted using the mykey1 key before they are stored in the cloud. ElasticInbox stores the encryption key alias in the message metadata and uses it to decrypt the message when it is read from the cloud blob storage. This mechanism allows key rotation. However, it is important to make sure that the keystores are identical across all of your ElasticInbox nodes.
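The keystore steps above as shell functions, covering key creation, rotation and the cross-node check. This is an added example, not taken from the ElasticInbox documentation. It assumes the JDK `keytool` and `sha256sum` are on the PATH and that the keystore password is exported as `KS_PASS`; the function names and `CONFIG_FILE` are hypothetical.

```shell
#!/bin/sh
# Added example (not ElasticInbox's own tooling). Assumes JDK keytool on PATH
# and the keystore password in the KS_PASS environment variable.

# Generate an AES-128 key under ALIAS in a JCEKS keystore. The key password
# equals the keystore password, as the note above requires. The ":env" form
# keeps the password out of the process argument list.
add_aes_key() {  # usage: add_aes_key KEYSTORE ALIAS
    keytool -genseckey -alias "$2" -keyalg AES -keysize 128 \
        -storetype jceks -keystore "$1" \
        -storepass:env KS_PASS -keypass:env KS_PASS >/dev/null 2>&1
}

# Succeed only if ALIAS exists in the keystore and holds a secret key.
has_secret_key() {  # usage: has_secret_key KEYSTORE ALIAS
    keytool -list -alias "$2" -storetype jceks -keystore "$1" \
        -storepass:env KS_PASS 2>/dev/null | grep -q 'SecretKeyEntry'
}

# Read blobstore_default_encryption_key from a config file and confirm the
# keystore actually contains that alias.
config_key_present() {  # usage: config_key_present KEYSTORE CONFIG
    alias_name=$(sed -n \
        's/^[[:space:]]*blobstore_default_encryption_key:[[:space:]]*//p' "$2")
    [ -n "$alias_name" ] && has_secret_key "$1" "$alias_name"
}

# Digest to compare between nodes: equal digests mean identical keystores.
keystore_digest() {  # usage: keystore_digest KEYSTORE
    sha256sum "$1" | cut -d' ' -f1
}

# Typical sequence (CONFIG_FILE is a placeholder for your config path):
#   export KS_PASS=mysecret
#   add_aes_key elasticinbox.ks mykey1   # initial key
#   add_aes_key elasticinbox.ks mykey2   # rotation: keep mykey1 so messages
#                                        # stored under it still decrypt
#   config_key_present elasticinbox.ks "$CONFIG_FILE"
#   keystore_digest elasticinbox.ks      # run on every node and compare
```

After a rotation, copy the updated keystore to every node before changing `blobstore_default_encryption_key`, then compare the digests.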