Good morning, everybody.
We are working to adapt to the CSA - Cloud Security Alliance questionnaire.
And there’s a question about Ignition that we need some help with.
Encryption & Key Management Encryption
Do you support tenant-generated encryption keys or permit tenants to encrypt data to an identity without access to a public key certificate (e.g. identity-based encryption)?
Who are the tenants and what data is in question?
That sounds like you intend to run Ignition for multiple clients in a single gateway instance in the cloud. This is not a supported configuration.
It sounds to me like he’s trying to answer a questionnaire meant to be answered by a cloud service provider (AWS, Azure, Digital Ocean, etc.). Even if he was trying to host multiple clients I still don’t think it’s an applicable questionnaire, although the answer for that scenario would certainly be “no”.
In fact, it is essential (due to contractual clauses) that each project is unique. That is, only one client per gateway.
Thank you so much for helping, Kevin Herron.
This question has been keeping me awake for a long time xD