Description
Provides a network-bound key service used by systems such as Clevis to unlock encrypted data only when the configured network service is reachable. It is useful for automated disk unlocking and datacenter workflows where network presence is part of the trust decision.
Network-bound encryption changes recovery and threat assumptions. Protect the Tang server, document offline recovery, and avoid relying on it without understanding what happens when the network is unavailable.