Encryption of the master key in a geo-replicated environment
When a system is added to form or extend a federation, it generates a public/private key pair locally. These keys are used to encrypt and decrypt the federation's master key. On federation, the new system, which does not know the master key, stores its public key in a resource table. A VDC that knows the master key uses this public key to encrypt the master key and shares the encrypted key with the new system. The master key is now global and known to both systems within the federation.
As shown in Figure 6, the master key is global and known to both systems within the federation. The ECS system labeled VDC 2 joins the federation. The master key of VDC 1 (the existing system) is extracted and passed to VDC 2 for encryption with the public/private key pair randomly generated by VDC 2.
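The exchange described above can be modeled as a public-key key-wrapping step. The following is an added example, not Dell's code: the page does not name the algorithm, so RSA-2048 with OAEP/SHA-256 is an assumption, as are the names `VDC`, `ResourceTable`, `NewVDC`, `WrapMasterKeyFor` and `AcceptMasterKey` and the sample master key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// VDC is a simplified stand-in for one ECS system; ResourceTable holds published public keys.
type VDC struct {
	Name      string
	priv      *rsa.PrivateKey // generated locally, never leaves the VDC
	masterKey []byte          // nil until this VDC learns the federation master key
}
type ResourceTable map[string]*rsa.PublicKey

// NewVDC generates the local key pair and stores the public half in the resource table.
func NewVDC(name string, table ResourceTable) *VDC {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
	if err != nil {
		panic(err)
	}
	table[name] = &priv.PublicKey
	return &VDC{Name: name, priv: priv}
}

// WrapMasterKeyFor runs on a VDC that knows the master key; the OAEP label names the recipient.
func (v *VDC) WrapMasterKeyFor(peer string, table ResourceTable) ([]byte, error) {
	pub, ok := table[peer]
	if v.masterKey == nil || !ok {
		return nil, fmt.Errorf("cannot wrap for %s: no master key or no published public key", peer)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, v.masterKey, []byte(peer))
}

// AcceptMasterKey runs on the joining VDC (which holds no master key yet) and unwraps with its private key.
func (v *VDC) AcceptMasterKey(wrapped []byte) (err error) {
	v.masterKey, err = rsa.DecryptOAEP(sha256.New(), nil, v.priv, wrapped, []byte(v.Name))
	return err
}

func main() {
	table := ResourceTable{}
	vdc1, vdc2 := NewVDC("VDC1", table), NewVDC("VDC2", table)
	vdc1.masterKey = []byte("constructed-32-byte-master-key!!") // constructed sample value
	wrapped, _ := vdc1.WrapMasterKeyFor("VDC2", table)
	err := vdc2.AcceptMasterKey(wrapped)
	fmt.Println("VDC2 shares master key:", err == nil && string(vdc2.masterKey) == string(vdc1.masterKey))
}
```

Only the wrapped blob and the public key cross between systems in this model; the private key stays on the joining VDC, so a system other than the intended recipient cannot unwrap the master key.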