This message was deleted.
# rke2a
adamant-kite-43734
10/11/2023, 10:35 PMThis message was deleted.
c
creamy-pencil-82913
10/11/2023, 10:46 PMaesgcm isn’t recommended unless you do automated key rotation, which we are not equipped to do.
creamy-pencil-82913
10/11/2023, 10:46 PMcreamy-pencil-82913
10/11/2023, 10:47 PMif we switch to anything it’ll probably be secretbox, but that is not yet a fips-approved alg so it is unlikely to be the default.
h
hundreds-airport-66196
10/11/2023, 11:30 PMso, currently the only option is a KMS plugin or an external KMS (aes-cbc has a vulnerability).
c
creamy-pencil-82913
10/13/2023, 3:41 AMI mean... secretbox also works, but as with all the other opinions you'd have to configure that yourself
h
hundreds-airport-66196
10/13/2023, 2:00 PMthanks @creamy-pencil-82913 I'll check secretbox