Expected/Wanted Behavior
Some fields of apps stored in the backend DB may potentially contain sensitive data; these fields are:
The values of the envvars as they might store passwords
For infosec reasons they are best stored in the backend DB in an encrypted format. This can be achieved by having a known encryption token configured with the same value on all managers as a required config param that serves as the encryption key to encrypt\decrypt those fields when stored in the backend DB.
https://github.com/pyca/cryptography should be used rather than pycrypto as pycrypto hasn't been updated in years.
If the encryption token parameter is not set then it should default to None\empty\etc and not encrypt the data on the backend DB, this will also allow backward compliance with existing versions.
Actual Behavior
Envvars data stored at the backend DB is plaintext (user pass & tokens are already hashed, not encrypted as this is a better way of storing them as they will never need to be decrypted).
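A sketch of the behavior requested above, added here as an illustration and not taken from the project's code: envvar values are encrypted with pyca/cryptography's Fernet when an encryption token is configured, and passed through unchanged when it is not. It assumes the token is a Fernet key (as produced by `Fernet.generate_key()`); the `EnvvarCodec` class and the `enc:v1:` marker used to tell ciphertext from legacy plaintext rows are hypothetical names.

```python
from typing import Dict, Optional

from cryptography.fernet import Fernet, InvalidToken

# Hypothetical marker: lets a manager tell encrypted values from legacy plaintext rows.
PREFIX = "enc:v1:"


class EnvvarCodec:
    """Encrypts envvar values on the way into the backend DB, decrypts on the way out."""

    def __init__(self, encryption_token: Optional[str] = None):
        # Unset or empty token: pass-through mode, values stay plaintext
        # (the backward-compatible default the issue asks for).
        self._fernet = Fernet(encryption_token.encode()) if encryption_token else None

    def to_db(self, envvars: Dict[str, str]) -> Dict[str, str]:
        if self._fernet is None:
            return dict(envvars)
        return {name: PREFIX + self._fernet.encrypt(value.encode()).decode()
                for name, value in envvars.items()}

    def from_db(self, stored: Dict[str, str]) -> Dict[str, str]:
        out = {}
        for name, value in stored.items():
            if not value.startswith(PREFIX):
                out[name] = value  # row written before encryption was enabled
            elif self._fernet is None:
                raise ValueError(f"{name} is encrypted but no encryption token is set")
            else:
                try:
                    plain = self._fernet.decrypt(value[len(PREFIX):].encode())
                except InvalidToken:
                    # Fernet authenticates ciphertext, so a wrong token or a
                    # modified DB value fails here instead of returning garbage.
                    raise ValueError(f"{name}: wrong token or tampered value") from None
                out[name] = plain.decode()
        return out


def demo() -> Dict[str, str]:
    token = Fernet.generate_key().decode()  # constructed sample token
    envvars = {"DB_PASSWORD": "s3cret", "LOG_LEVEL": "debug"}  # constructed sample data
    stored = EnvvarCodec(token).to_db(envvars)
    stored["OLD_VAR"] = "legacy-plaintext"  # simulates a pre-encryption row
    return EnvvarCodec(token).from_db(stored)


if __name__ == "__main__":
    print(demo())
```

A manager started without the token fails loudly on encrypted rows rather than handing ciphertext to an app as if it were the real value.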