Introducing @EncryptedAttribute() decorator #17299

Open
4 of 8 tasks
nullxx opened this issue Apr 30, 2024 · 0 comments
Labels

  • pending-approval: Bug reports that have not been verified yet, or feature requests that have not been accepted yet
  • type: feature: For issues and PRs. For new features. Never breaking changes.

nullxx commented Apr 30, 2024

Issue Creation Checklist

  • I understand that my issue will be automatically closed if I don't fill in the requested information
  • I have read the contribution guidelines

Feature Description

Problem Statement

Currently, Sequelize provides the @Attribute decorator to mark attributes of a class that correspond to attributes of a table. However, in scenarios where sensitive information needs to be stored, such as secret keys or passwords, storing them in plain text poses security risks. To address this, users typically resort to encoding or encrypting such information before storage, necessitating the implementation of custom logic using hooks for each field that stores a secret. This approach introduces complexity and increases the likelihood of errors.

Describe the feature you'd like to see implemented

I propose the addition of a new decorator, @EncryptedAttribute, to Sequelize. This decorator aims to facilitate the encryption and decryption of sensitive data stored in database attributes. Currently, Sequelize provides the @Attribute decorator to mark attributes of a class that correspond to table columns. However, in scenarios where sensitive information needs to be stored (and needs to be retrieved decrypted), such as secret access keys, storing them in plaintext poses security risks. The proposed @EncryptedAttribute decorator allows developers to specify encryption parameters for attributes, ensuring that sensitive data is stored securely in the database. This decorator encrypts the secrets before going to the database and decrypts them after fetching from the database.

I have developed it in a project: function EncryptedAttribute(type, options);

Using it (example):

  // @Attribute(DataTypes.STRING)
  // @NotNull
  @EncryptedAttribute(DataTypes.STRING, { key: process.env.DB_ENCRYPT_ATTR_KEY, iv: process.env.DB_ENCRYPT_ATTR_IV })
  declare secretAccessKey: string;

No more code is necessary. You just use the secretAccessKey attribute as always, but under the hood, before and after the database, there is an "encryption layer".

Produces a table structure like:
[Image: Screenshot 2024-04-30 at 11 28 42]

Maybe it's not the best implementation, as it is the first approach I handled and it could be improved, but I think it is a good start.

Describe why you would like this feature to be added to Sequelize

Integrating the @EncryptedAttribute decorator directly into Sequelize aligns with the framework's core objectives of simplifying database interactions and promoting best practices in data management. By incorporating encryption functionality as a native feature, Sequelize empowers developers to handle sensitive data securely without relying on additional external dependencies or custom implementations. This streamlines the development process, promotes consistency, and ensures that encryption mechanisms seamlessly integrate with Sequelize's existing ORM capabilities, enhancing overall application security and maintainability.

This new decorator introduces enhanced functionality without altering existing configurations or compromising speed. It significantly streamlines the mandatory tasks involved in encrypting an attribute.

Is this feature dialect-specific?

  • No. This feature is relevant to Sequelize as a whole.
  • Yes. This feature only applies to the following dialect(s):

Would you be willing to resolve this issue by submitting a Pull Request?

  • Yes, I have the time and I know how to start.
  • Yes, I have the time but I will need guidance.
  • No, I don't have the time, but my company or I are supporting Sequelize through donations on OpenCollective.
  • No, I don't have the time, and I understand that I will need to wait until someone from the community or maintainers is interested in implementing my feature.

Indicate your interest in the addition of this feature by adding the 👍 reaction. Comments such as "+1" will be removed.
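
An encrypt-on-write, decrypt-on-read layer of the kind this issue describes, as an added example that is neither Sequelize's API nor the issue author's implementation. It assumes AES-256-GCM with a fresh random IV stored with each value rather than an `iv` option; `encryptValue`, `decryptValue`, `encryptedAccessors`, `makeRecord` and the `v1.iv.tag.ct` layout are names and choices made for this example, and `makeRecord` is a constructed stand-in for a model instance exposing `getDataValue`/`setDataValue`.

```javascript
// Added example: not Sequelize's API and not the issue author's code.
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 12-byte IV per value, so equal plaintexts do not
// produce equal column values. Stored layout (this example's own): v1.iv.tag.ct
function encryptValue(plaintext, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(String(plaintext), 'utf8'), cipher.final()]);
  return ['v1', ...[iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64'))].join('.');
}

function decryptValue(stored, key) {
  const [version, iv, tag, ct] = String(stored).split('.');
  if (version !== 'v1' || !iv || !tag || ct === undefined) {
    throw new Error('unrecognized encrypted value');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'),
    { authTagLength: 16 });
  decipher.setAuthTag(Buffer.from(tag, 'base64'));
  // final() throws when the ciphertext, IV or tag was altered or the key is wrong.
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// get/set pair in the shape of Sequelize attribute getters and setters.
function encryptedAccessors(name, key) {
  return {
    get() {
      const raw = this.getDataValue(name);
      return raw == null ? raw : decryptValue(raw, key);
    },
    set(value) {
      this.setDataValue(name, value == null ? value : encryptValue(value, key));
    },
  };
}

// Constructed stand-in for a model instance; `row` plays the database row.
function makeRecord(key) {
  const row = {};
  const rec = { row, getDataValue: (n) => row[n], setDataValue: (n, v) => { row[n] = v; } };
  return Object.defineProperty(rec, 'secretAccessKey', encryptedAccessors('secretAccessKey', key));
}

const sample = makeRecord(crypto.randomBytes(32)); // constructed key for the demo
sample.secretAccessKey = 'constructed-sample-secret';
console.log(sample.row.secretAccessKey, '->', sample.secretAccessKey);
```

The stored value is longer than its plaintext (IV, 16-byte tag and base64 overhead), so the column type has to leave room for it.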
