Encryption at Rest Migrations
What should I do to move away from a weak encryption algorithm in my database or storage?
Follow these steps in order, without skipping or rearranging any:
- Add another field for the new version;
- Write to both fields;
- Optimistically read from the new field when it is populated, and from the old field only when it is not;
- Asynchronously re-encrypt everything;
- Read only from the new field;
- Remove the code that reads from the old field;
- Back up if deemed appropriate and drop the old field.
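
The first four steps, plus the check that gates the fifth, as an added example that is not part of the original page. It assumes a SQLite table named `secrets` with columns `data_old` and `data_new` (hypothetical names), and the `old_*`/`new_*` functions are stand-in codecs, not real ciphers.

```python
import sqlite3

# Stand-in codecs so the example runs offline. They are NOT encryption: swap in
# the legacy cipher (old_*) and its replacement (new_*) in a real migration.
def old_encrypt(pt): return b"OLD" + pt[::-1]
def old_decrypt(ct): return ct[3:][::-1]
def new_encrypt(pt): return b"NEW" + bytes(b ^ 0x5A for b in pt)
def new_decrypt(ct): return bytes(b ^ 0x5A for b in ct[3:])

def setup():
    """Constructed pre-migration table, then step 1: add the new field."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, data_old BLOB)")
    for row_id, pt in enumerate([b"alpha", b"bravo", b"charlie"], start=1):
        conn.execute("INSERT INTO secrets VALUES (?, ?)", (row_id, old_encrypt(pt)))
    conn.execute("ALTER TABLE secrets ADD COLUMN data_new BLOB")
    return conn

def write(conn, row_id, pt):
    """Step 2: every write populates both fields."""
    conn.execute("INSERT OR REPLACE INTO secrets (id, data_old, data_new) VALUES (?, ?, ?)",
                 (row_id, old_encrypt(pt), new_encrypt(pt)))

def read(conn, row_id):
    """Step 3: prefer the new field, fall back to the old one if it is empty."""
    row = conn.execute("SELECT data_old, data_new FROM secrets WHERE id = ?",
                       (row_id,)).fetchone()
    if row is None:
        raise KeyError(row_id)
    old, new = row
    return new_decrypt(new) if new is not None else old_decrypt(old)

def backfill(conn, batch=2):
    """Step 4: re-encrypt in small batches; returns the number of rows migrated."""
    migrated = 0
    while True:
        rows = conn.execute("SELECT id, data_old FROM secrets "
                            "WHERE data_new IS NULL LIMIT ?", (batch,)).fetchall()
        if not rows:
            return migrated
        for row_id, old in rows:
            # The IS NULL guard keeps a concurrent dual-write from being overwritten.
            cur = conn.execute("UPDATE secrets SET data_new = ? "
                               "WHERE id = ? AND data_new IS NULL",
                               (new_encrypt(old_decrypt(old)), row_id))
            migrated += cur.rowcount
        conn.commit()

def remaining(conn):
    """Gate for step 5: read only from the new field once this returns 0."""
    return conn.execute("SELECT COUNT(*) FROM secrets WHERE data_new IS NULL").fetchone()[0]
```

Only once `remaining()` returns 0 is it safe to drop the fallback branch in `read()` and, after that, the old field.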