Data Retention and Removal
The Key service stores cryptographic keys for senders when messages are sealed. Alongside the keys, the service also stores metadata about message recipients in a relational database.
Cryptographic keys storage:
The service uses the HashiCorp Vault KV2 engine to securely store cryptographic keys.
The data stored in Vault consists of a sender id and a private key. The sender id is a unique identifier of the sender (currently an email address), and all identifiers are securely hashed before being stored in Vault.
Message recipients metadata storage
The service stores metadata about message recipients in a relational database table called message_recipients. The column definitions of the table can be found in the /db/migrations directory.
message_recipients table description:
| Column name | Description |
|---|---|
| message_hash | Hash value of the message |
| message_id | Unique message identifier |
| recipient | Recipient email address |
| sender | Sender identifier (email address) |
| sender_did | Sender DID (Decentralized Identifier) |
| status | Message status used during internal processing stages |
| created_at | Unix timestamp when record is created |
| updated_at | Unix timestamp when record is last updated |
Recipients data storage
The service stores recipient data in a relational database table called recipients. The column definitions of the table can be found in the /db/migrations directory.
recipients table description:
| Column name | Description |
|---|---|
| Recipient email address | |
| auth_methods | Recipient authentication methods |
| mobile | Recipient mobile number |
| created_at | Unix timestamp when record is created |
| updated_at | Unix timestamp when record is last updated |
What data is stored and what data is removed and when?
All data stored by the Key service is used to securely encrypt and decrypt sealed messages.
- In case of successful encryption of a message, the cryptographic keys are stored in Vault for future use.
- Message recipients metadata is stored in the `message_recipients` table for authentication and authorization purposes. This information verifies whether a recipient is authorized to decrypt a message. The data is retained for a period controlled by the `MESSAGE_RECIPIENT_RETENTION_PERIOD` configuration variable; the default value is `2160h` (90 days). After this period, the data is deleted from the database.
  Important: once the metadata for a recipient of a message is deleted, that recipient will no longer be able to decrypt and read the message.
- Recipient data is stored in the `recipients` table for authentication purposes. It holds information about the ways a recipient can authenticate to decrypt a message. This data is stored for future use and is not deleted unless removal is requested for compliance reasons.
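The retention rule for `message_recipients` above, as an added illustration in Go (not the service's own code): it parses `MESSAGE_RECIPIENT_RETENTION_PERIOD` in Go duration syntax with the documented `2160h` default, refuses non-positive windows so a misconfiguration cannot purge every row, and selects the rows a purge job would delete. The `MessageRecipient` struct and the use of `created_at` as the retention anchor are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

const defaultRetention = 2160 * time.Hour // documented default (90 days)

// Hypothetical struct holding the message_recipients columns relevant to retention.
type MessageRecipient struct {
	MessageID string
	Recipient string
	CreatedAt int64 // Unix timestamp, as documented
}

// RetentionPeriod parses a MESSAGE_RECIPIENT_RETENTION_PERIOD value (Go duration syntax, e.g. "2160h"); unset falls back to the default, unparsable or non-positive values are rejected so a misconfiguration can never purge every row.
func RetentionPeriod(raw string) (time.Duration, error) {
	if raw == "" {
		return defaultRetention, nil
	}
	d, err := time.ParseDuration(raw)
	if err != nil {
		return 0, fmt.Errorf("invalid MESSAGE_RECIPIENT_RETENTION_PERIOD %q: %w", raw, err)
	}
	if d <= 0 {
		return 0, fmt.Errorf("MESSAGE_RECIPIENT_RETENTION_PERIOD must be positive, got %s", d)
	}
	return d, nil
}

// Expired returns the rows a purge job would delete: created_at older than now-retention (using created_at
// as the anchor is an assumption). The equivalent SQL is DELETE FROM message_recipients WHERE created_at < $cutoff.
func Expired(rows []MessageRecipient, now time.Time, retention time.Duration) []MessageRecipient {
	cutoff := now.Add(-retention).Unix()
	var out []MessageRecipient
	for _, r := range rows {
		if r.CreatedAt < cutoff {
			out = append(out, r)
		}
	}
	return out
}

func main() { // constructed demo: one row 100 days old, retention variable unset
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	rows := []MessageRecipient{{"msg-1", "alice@example.com", now.Add(-100 * 24 * time.Hour).Unix()}}
	retention, _ := RetentionPeriod("")
	fmt.Println(Expired(rows, now, retention)) // msg-1 is past the 90-day window
}
```

A row that leaves the window is the one whose recipient can no longer decrypt the message, so a purge job should run on a schedule rather than as an eager delete on every read.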