Supported Encryption Engine
OPV’s encryption is designed to work with multiple encryption engines. The currently supported encryption engines are:
- HashiCorp Vault (TODO)
- Transit Secret
Built-in secretbox encryption engine
Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate messages with secret-key cryptography.
To configure the built-in secretbox encryption engine, set a list of secret keys. The first key in the list is always the one used for encryption, and all keys in the list are used for decryption, which allows key rotation: put the new key first and keep the old keys after it so that existing ciphertexts can still be decrypted.
Make sure each key is a 32-byte string produced by a cryptographically secure random generator.
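The rotation rule above, as an added example that is not OPV's own code: a key list where the first key encrypts and every key is tried on decryption. So that it runs with only the Python standard library, `seal` and `open_` are a stand-in HMAC-SHA256 encrypt-then-MAC construction, not secretbox; `KeyRing` and every other name here are hypothetical.

```python
import hmac
import secrets

KEY_SIZE, NONCE_SIZE, TAG_SIZE = 32, 24, 32  # key and nonce sizes match secretbox

def _prf(key, data):
    return hmac.digest(key, data, "sha256")

def _xor_stream(enc_key, nonce, data):
    # Counter-mode keystream from HMAC-SHA256 (stand-in for XSalsa20).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Stand-in for secretbox seal; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_SIZE)
    body = nonce + _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return body + _prf(_prf(key, b"mac"), body)

def open_(key, blob):
    """Return the plaintext, or None if the tag does not verify under this key."""
    body, tag = blob[:-TAG_SIZE], blob[-TAG_SIZE:]
    expected = _prf(_prf(key, b"mac"), body)
    if len(body) < NONCE_SIZE or not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(_prf(key, b"enc"), body[:NONCE_SIZE], body[NONCE_SIZE:])

class KeyRing:
    """Key list as described above: keys[0] encrypts, every key may decrypt."""
    def __init__(self, keys):
        if not keys or any(len(k) != KEY_SIZE for k in keys):
            raise ValueError("need at least one key, each exactly 32 bytes")
        self.keys = list(keys)

    def encrypt(self, plaintext):
        return seal(self.keys[0], plaintext)

    def decrypt(self, blob):
        """Return (plaintext, index of the key that authenticated the blob)."""
        for index, key in enumerate(self.keys):
            plaintext = open_(key, blob)
            if plaintext is not None:
                return plaintext, index
        raise ValueError("no configured key authenticates this ciphertext")

    def reencrypt(self, blob):
        """Move a record to the current key; unchanged if already under keys[0]."""
        plaintext, index = self.decrypt(blob)
        return blob if index == 0 else self.encrypt(plaintext)
```

An old key can be dropped from the list only after every stored record has been re-encrypted under the first key; any record still sealed under the removed key no longer decrypts.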
HashiCorp Vault Transit Secret Engine
Encryption Engine Configuration
For more details, see Env Configuration.