Temporary keys are public-private key pairs that are used by Confidencial to support the immediate encryption of content for newly-invited users. Temporary keys are so called because they are replaced by a cloud-stored key (in the case of an individual account) or enterprise key (in the case of an organization account) as soon as the invited user registers their account. Temporary keys are stored in Confidencial’s private key server.
Since Confidencial stores temporary keys, content encrypted for users that are using temporary keys (i.e. newly-invited users who have not yet registered their account), while still secure, is technically not zero-trust protected. It is recommended to re-encrypt content designated for newly-invited users once they have registered their account.