Introducing @EncryptedAttribute() decorator #17299
Labels
pending-approval
Bug reports that have not been verified yet, or feature requests that have not been accepted yet
type: feature
For issues and PRs. For new features. Never breaking changes.
Issue Creation Checklist
Feature Description
Problem Statement
Currently, Sequelize provides the @Attribute decorator to mark attributes of a class that correspond to attributes of a table. However, in scenarios where sensitive information needs to be stored, such as secret keys or passwords, storing them in plain text poses security risks. To address this, users typically resort to encoding or encrypting such information before storage, necessitating the implementation of custom logic using hooks for each field that stores a secret. This approach introduces complexity and increases the likelihood of errors.
Describe the feature you'd like to see implemented
I propose the addition of a new decorator, @EncryptedAttribute, to Sequelize. This decorator aims to facilitate the encryption and decryption of sensitive data stored in database attributes. Currently, Sequelize provides the @Attribute decorator to mark attributes of a class that correspond to table columns. However, in scenarios where sensitive information needs to be stored (and needs to be retrieved decrypted), such as secret access keys, storing them in plaintext poses security risks. The proposed @EncryptedAttribute decorator allows developers to specify encryption parameters for attributes, ensuring that sensitive data is stored securely in the database. This decorator encrypts the secrets before going to the database and decrypts them after fetching from the database.
I have developed it in a project: function EncryptedAttribute(type, options);
Using it (example):
No more code is necessary. You just use the secretAccessKey attribute as always, but under the hood, before and after the database, there is an "encryption layer".
Produces a table structure like:
Maybe it's not the best implementation, as it is the first approach I handled and it could be improved, but I think it is a good start.
Describe why you would like this feature to be added to Sequelize
Integrating the @EncryptedAttribute decorator directly into Sequelize aligns with the framework's core objectives of simplifying database interactions and promoting best practices in data management. By incorporating encryption functionality as a native feature, Sequelize empowers developers to handle sensitive data securely without relying on additional external dependencies or custom implementations. This streamlines the development process, promotes consistency, and ensures that encryption mechanisms seamlessly integrate with Sequelize's existing ORM capabilities, enhancing overall application security and maintainability.
This new decorator introduces enhanced functionality without altering existing configurations or compromising speed. It significantly streamlines the mandatory tasks involved in encrypting an attribute.
Is this feature dialect-specific?
Would you be willing to resolve this issue by submitting a Pull Request?
Indicate your interest in the addition of this feature by adding the 👍 reaction. Comments such as "+1" will be removed.
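The "encryption layer" described in this issue, sketched as an added example; it is not the issue author's implementation and not a Sequelize API. It assumes AES-256-GCM (the issue names no algorithm), and the names encryptAttribute, decryptAttribute, defineEncryptedAttribute and the credentials.secretAccessKey column label are hypothetical.

```javascript
const crypto = require('node:crypto');

const VERSION = 'v1'; // format tag, so stored values can be re-encrypted under a later scheme
const GCM = { authTagLength: 16 };

// Encrypt one attribute value for storage. `column` is bound as additional authenticated
// data, so a ciphertext copied into a different column fails authentication on read.
function encryptAttribute(plaintext, key, column) {
  if (!Buffer.isBuffer(key) || key.length !== 32) throw new Error('key must be 32 bytes');
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every write
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, GCM);
  cipher.setAAD(Buffer.from(column, 'utf8'));
  const ct = Buffer.concat([cipher.update(String(plaintext), 'utf8'), cipher.final()]);
  return [VERSION, ...[iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64'))].join(':');
}

// Decrypt a stored value; throws if the format, key, column binding or auth tag is wrong.
function decryptAttribute(stored, key, column) {
  const parts = String(stored).split(':');
  if (parts.length !== 4 || parts[0] !== VERSION) throw new Error('unrecognised ciphertext format');
  const [, iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed ciphertext');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, GCM);
  decipher.setAAD(Buffer.from(column, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the decorator: the property reads and writes plaintext,
// while `row` (what would be sent to the database) only ever holds ciphertext.
function defineEncryptedAttribute(instance, row, name, key, column) {
  Object.defineProperty(instance, name, {
    enumerable: true,
    get: () => (row[name] == null ? row[name] : decryptAttribute(row[name], key, column)),
    set: (v) => { row[name] = v == null ? v : encryptAttribute(v, key, column); },
  });
}

// Constructed sample: the key is generated in-process here; it must live outside the database.
function demo() {
  const key = crypto.randomBytes(32);
  const row = {};
  const credential = {};
  defineEncryptedAttribute(credential, row, 'secretAccessKey', key, 'credentials.secretAccessKey');
  credential.secretAccessKey = 'constructed-sample-secret';
  return { stored: row.secretAccessKey, read: credential.secretAccessKey };
}
```

Because the stored value is randomized per write, such a column cannot be matched with an equality WHERE clause or a unique index on the plaintext.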