From 7174a91f32191508074d78b0a8bbbb7aea428e9a Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 17 Nov 2021 14:42:59 -0500 Subject: [PATCH] Update data-encryption documentation to clarify what is encrypted (#1722) --- website/content/docs/concepts/security/data-encryption.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/content/docs/concepts/security/data-encryption.mdx b/website/content/docs/concepts/security/data-encryption.mdx index 55fc0c6a39..4a5f6df0f9 100644 --- a/website/content/docs/concepts/security/data-encryption.mdx +++ b/website/content/docs/concepts/security/data-encryption.mdx @@ -34,8 +34,10 @@ The current scoped DEKs and their purposes are detailed below: ~> Management of these keys is handled entirely internally; the information provided in this section is purely for informational purposes. -- `database`: This is the general-purpose DEK used to encrypt sensitive or - secret values within the database. +- `database`: This is the general-purpose DEK used to encrypt values within the + database. Values that are encrypted are those generally considered to be + secret, such as API keys, third-party tokens, certificate private keys, and so + on. - `oplog`: This is used for encrypting oplog (operation log) values for the given scope.