https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34976 --- Comment #3 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Using one encryption key for whole Koha is obviously more convenient than carrying a large keychain but is unsafer too. If you get that key, you can decrypt everything. Interesting question though would be: How would you get one key and not the others? And underlying, is koha-conf the best place to save them? Easy to ask, harder to answer. If you would get secrets from some vault, you still need a token for that, etc. As David referred to the rotation bug, the management of data encrypted with which key and what version becomes a bit harder.. Security always has a price. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.