Key management cache synchronization

Assignee

• International Business Machines Corporation · US

Inventors

• Ryan K. Cradick · Oronoco, US
• John A. Riendeau · Madison, US
• Paul Gerver · Rochester, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/0822
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Encryption key management for containerized applications is provided. An application container receives a request, directed to a wrapped data encryption key (WDEK), and it is determined whether a local cache associated with the application container stores a mapping of the WDEK to an unwrapped data encryption key (DEK). In response to a cache miss, a shared list, that stores entries corresponding to WDEKs to be synchronized among a plurality of local encryption key caches of a set of application containers, is accessed to determine a set of WDEKs that are missing from the local cache. A key management service provides the WDEKs and corresponding DEKs for the set of WDEKs. The shared list data structure and the local encryption key cache are updated based on the WDEKs and DEKs obtained from the key management service, to thereby synchronize the local encryption key cache with the shared list data structure.