Ask HN: Why use cloud service (e.g. S3) encryption at rest?
The key is stored in the same system somewhere (or your app wouldn't function). A rogue employee can find the key if they want. Is there a practical benefit other than additional compliance checkboxes being checked?
1 comment
[ 3.8 ms ] story [ 9.7 ms ] threadBut even symmetrical cryptography have some value. If the attackers can download the files from S3 but they can't crack the web app, they can't access their content. Only very few employees should have the encryption key. If they know that only 3 of them have it, they should think twice about doing something wrong. If everybody knows it, it's a free for all.