Glossary

Delta
A framework for protecting content so that it can be shared securely across networks and organisations. Delta achieves this by allowing an identity to create and distribute secrets to other identities.
Identity
An entity (such as a user, a device, or another service) registered with Delta that is uniquely identifiable and holds an encryption key pair and a signing key pair.
IdentityId
A unique identifier, generated by Delta, by which an identity is designated and retrieved.
Identity metadata
Optional, textual, owner-provided key-value pairs associated with an identity and used for lookup.
Encryption key pair
An asymmetric key pair (consisting of the public encryption key and the private decryption key), associated with an identity for the purpose of encryption and decryption of secret encryption keys.
Public encryption key
The public key of an asymmetric key pair (the private counterpart being the private decryption key), functioning as a key encryption key (KEK), to encrypt a secret encryption key. The public encryption key is associated with an identity and published on Delta.
Private decryption key
The private key of an asymmetric key pair (the public counterpart being the public encryption key), used to decrypt a secret encryption key. The private decryption key must be managed outside of Delta.
Signing key pair
An asymmetric key pair (consisting of the private signing key and the public signing verification key), associated with an identity for the purpose of request signing and authentication.
Public signing verification key
The public key of an asymmetric key pair (the private counterpart being the private signing key), used to verify request authenticity and ownership. The public signing verification key is associated with an identity. However, unlike public encryption keys, public signing verification keys are not published by Delta.
Private signing key
The private key of an asymmetric key pair (the public counterpart being the public signing verification key), used to sign requests as required by Delta so that the service can verify request authenticity and ownership. The private signing key must be managed outside of Delta.
Secret
An entry in Delta comprising protected secret content, encryption details, core attributes, and secret metadata.
SecretId
A unique identifier, generated by Delta, by which a secret is designated and retrieved.
Secret content
Plaintext data that an identity wants to protect (such as a password, a symmetric key, or a small text file). Secret content is limited to 200 KB in size.
Protected secret content
Encrypted secret content, protected by a secret encryption key.
Secret metadata
Optional, textual, owner-provided key-value pairs associated with a secret and used for lookup.
Encryption details
Client-generated attributes describing how the secret content was encrypted. The encryption details contain the protected secret encryption key, the initialization vector (IV), and any other keying material required to decrypt the protected secret content.
Core attributes
Service-generated attributes associated with a secret (SecretId, Owning IdentityId, CreatedDate, ModifiedDate).
Secret encryption key
A symmetric key used to encrypt and decrypt the secret content. The secret encryption key is in turn protected by the public encryption key of an identity.
Protected secret encryption key
The secret encryption key, encrypted with the public encryption key of an identity and stored as part of a secret.
Base secret
A secret whose secret content is protected by a secret encryption key that is encrypted using the public encryption key of the owning identity.
Owning identity
The identity in Delta that created a base secret.
Receiving identity
An identity in Delta that is the recipient of a derived secret.
Derived secret
A secret carrying the same secret content as a base secret, with that content protected by a secret encryption key that is in turn encrypted using the public encryption key of the receiving identity. Derived secrets are the mechanism by which secret content is shared between identities; only the owning identity of the base secret can create one.
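The following Go program is added here as an illustration of the terms above and is not code from Delta or its SDKs. It walks the secret model end to end: an identity's encryption key pair, a base secret whose secret encryption key (SEK) is wrapped under the owning identity's public encryption key, a derived secret that the owner creates for a receiving identity by re-wrapping the SEK, and recovery of the content with the private decryption key. The algorithms (RSA-OAEP as the key encryption key, AES-256-GCM for the content), the reuse of the ciphertext and IV in the derived secret, and all names (Identity, Secret, CreateBaseSecret, DeriveSecret, OpenSecret, the sample content) are this example's assumptions; the glossary specifies the roles of the keys, not the algorithms. The signing key pair, which authenticates requests rather than protecting content, is not exercised.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Identity holds a Delta identity's encryption key pair (RSA-OAEP as the KEK is
// this example's assumption; the glossary fixes key roles, not algorithms).
type Identity struct {
	ID      string
	encPriv *rsa.PrivateKey // private decryption key: managed outside Delta
	EncPub  *rsa.PublicKey  // public encryption key (KEK): published on Delta
}

func NewIdentity(id string) (*Identity, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Identity{ID: id, encPriv: priv, EncPub: &priv.PublicKey}, nil
}

// Secret is the Delta entry: protected content, the client-generated
// encryption details (protected SEK and IV) and the core attributes kept here.
type Secret struct {
	ID, OwnerID  string
	Protected    []byte // secret content encrypted with the SEK (AES-256-GCM)
	ProtectedSEK []byte // SEK encrypted with an identity's public encryption key
	IV           []byte // GCM nonce, generated by the client
}

func wrapSEK(sek []byte, kek *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, kek, sek, nil)
}

func unwrapSEK(protected []byte, key *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, key, protected, nil)
}

// newGCM cannot fail for a 32-byte SEK, so the errors are discarded.
func newGCM(sek []byte) cipher.AEAD {
	block, _ := aes.NewCipher(sek)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// CreateBaseSecret encrypts the content under a fresh SEK and wraps that SEK
// for the owning identity only.
func CreateBaseSecret(owner *Identity, secretID string, content []byte) (*Secret, error) {
	keying := make([]byte, 32+12) // 256-bit SEK followed by a 96-bit GCM nonce
	if _, err := rand.Read(keying); err != nil {
		return nil, err
	}
	sek, iv := keying[:32], keying[32:]
	protectedSEK, err := wrapSEK(sek, owner.EncPub)
	if err != nil {
		return nil, err
	}
	return &Secret{ID: secretID, OwnerID: owner.ID, IV: iv, ProtectedSEK: protectedSEK,
		Protected: newGCM(sek).Seal(nil, iv, content, nil)}, nil
}

// DeriveSecret is the owner-only sharing step: unwrap the SEK with the owner's
// private decryption key and re-wrap it for the receiving identity. Ciphertext
// and IV are reused (an assumption; a fresh SEK would also fit the definition).
func DeriveSecret(owner *Identity, base *Secret, receiverKEK *rsa.PublicKey, derivedID string) (*Secret, error) {
	if base.OwnerID != owner.ID {
		return nil, errors.New("only the owning identity may derive a secret")
	}
	sek, err := unwrapSEK(base.ProtectedSEK, owner.encPriv)
	if err != nil {
		return nil, err
	}
	protectedSEK, err := wrapSEK(sek, receiverKEK)
	if err != nil {
		return nil, err
	}
	return &Secret{ID: derivedID, OwnerID: owner.ID, Protected: base.Protected,
		ProtectedSEK: protectedSEK, IV: base.IV}, nil
}

// OpenSecret recovers the content; it fails unless me holds the private
// decryption key matching the key the SEK was wrapped under, or if the
// ciphertext was tampered with (GCM authentication).
func OpenSecret(me *Identity, s *Secret) ([]byte, error) {
	sek, err := unwrapSEK(s.ProtectedSEK, me.encPriv)
	if err != nil {
		return nil, err
	}
	return newGCM(sek).Open(nil, s.IV, s.Protected, nil)
}

func main() {
	alice, _ := NewIdentity("alice") // owning identity
	bob, _ := NewIdentity("bob")     // receiving identity
	base, _ := CreateBaseSecret(alice, "secret-1", []byte("db password: hunter2")) // constructed content
	derived, _ := DeriveSecret(alice, base, bob.EncPub, "secret-2")
	content, _ := OpenSecret(bob, derived)
	_, err := OpenSecret(bob, base) // bob cannot unwrap a SEK wrapped for alice
	fmt.Printf("bob reads %q from the derived secret; opening the base secret fails: %v\n", content, err != nil)
}
```

Two properties worth noting in this flow: the receiving identity never sees the owner's private decryption key, since only the SEK is re-wrapped, and the SEK itself is never stored in Delta in clear, which is what lets the service hold protected content it cannot read.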
Events
A structured, retrievable record of the operations performed on identity and secret entries in Delta.