Enclave Management

An Enclave is an isolated collection of cryptographic keys. This provides a means to separate groups of keys stored in Key Manager, such as all of the keys for a specific object store. MinIO recommends a separate enclave for each object store. AIStor KMS can host as many different enclaves as needed.

Access to an enclave is restricted to identities created for that enclave. In this way, AIStor prevents identities for one object store’s enclave from accessing the keys or secrets for a different object store’s enclave.

All Rights Reserved 2024-Present, MinIO, Inc.