Considering AWS KMS, what would be a proper solution when the encrypted data is used pretty often?
up vote
0
down vote
favorite
I am studying AWS KMS applied to PHP application.
What happens with performance when the encrypted/decrypted data is heavily used?
On solution would be calling AWS KMS pretty often, let's say once per script run. But I am worried about the performance of my php application because of the roundtrips to aws.
An alternative, which I don't like that much is to call AWS KMS once per session: I just decrypt what I need and then keep it as session variable.
What would be the proper design pattern when the data that needs to be kept is used pretty often?
Thanks!
php aws-kms
asked Nov 8 at 22:49
Gabriel
4211610
add a comment |
up vote
0
down vote
favorite
I am studying AWS KMS applied to PHP application.
What happens with performance when the encrypted/decrypted data is heavily used?
On solution would be calling AWS KMS pretty often, let's say once per script run. But I am worried about the performance of my php application because of the roundtrips to aws.
An alternative, which I don't like that much is to call AWS KMS once per session: I just decrypt what I need and then keep it as session variable.
What would be the proper design pattern when the data that needs to be kept is used pretty often?
Thanks!
php aws-kms
asked Nov 8 at 22:49
Gabriel
4211610
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am studying AWS KMS applied to PHP application.
What happens with performance when the encrypted/decrypted data is heavily used?
On solution would be calling AWS KMS pretty often, let's say once per script run. But I am worried about the performance of my php application because of the roundtrips to aws.
An alternative, which I don't like that much is to call AWS KMS once per session: I just decrypt what I need and then keep it as session variable.
What would be the proper design pattern when the data that needs to be kept is used pretty often?
Thanks!
php aws-kms
asked Nov 8 at 22:49
Gabriel
4211610
I am studying AWS KMS applied to PHP application.
What happens with performance when the encrypted/decrypted data is heavily used?
On solution would be calling AWS KMS pretty often, let's say once per script run. But I am worried about the performance of my php application because of the roundtrips to aws.
An alternative, which I don't like that much is to call AWS KMS once per session: I just decrypt what I need and then keep it as session variable.
What would be the proper design pattern when the data that needs to be kept is used pretty often?
Thanks!
php aws-kms
php aws-kms
asked Nov 8 at 22:49
Gabriel
4211610
asked Nov 8 at 22:49
Gabriel
4211610
asked Nov 8 at 22:49
Gabriel
4211610
asked Nov 8 at 22:49
Gabriel
4211610
asked Nov 8 at 22:49
Gabriel
4211610
4211610
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
You could've used AWS Encryption SDK to implement data key caching which would solve the problem of calling KMS endpoint each time you want to decrypt. But, the Encryption SDK is not available for PHP. I'm not aware of any other solutions :(
answered Nov 13 at 7:26
sudo
1,1091310
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
You could've used AWS Encryption SDK to implement data key caching which would solve the problem of calling KMS endpoint each time you want to decrypt. But, the Encryption SDK is not available for PHP. I'm not aware of any other solutions :(
answered Nov 13 at 7:26
sudo
1,1091310
add a comment |
up vote
1
down vote
You could've used AWS Encryption SDK to implement data key caching which would solve the problem of calling KMS endpoint each time you want to decrypt. But, the Encryption SDK is not available for PHP. I'm not aware of any other solutions :(
answered Nov 13 at 7:26
sudo
1,1091310
add a comment |
up vote
1
down vote
up vote
1
down vote
You could've used AWS Encryption SDK to implement data key caching which would solve the problem of calling KMS endpoint each time you want to decrypt. But, the Encryption SDK is not available for PHP. I'm not aware of any other solutions :(
answered Nov 13 at 7:26
sudo
1,1091310
You could've used AWS Encryption SDK to implement data key caching which would solve the problem of calling KMS endpoint each time you want to decrypt. But, the Encryption SDK is not available for PHP. I'm not aware of any other solutions :(
answered Nov 13 at 7:26
sudo
1,1091310
answered Nov 13 at 7:26
sudo
1,1091310
answered Nov 13 at 7:26
sudo
1,1091310
answered Nov 13 at 7:26
sudo
1,1091310
1,1091310
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53217340%2fconsidering-aws-kms-what-would-be-a-proper-solution-when-the-encrypted-data-is%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
