Feat/memory encryption at rest #11

Merged: keepsloading merged 2 commits into Memact:main from Ingole712521:feat/memory_encryption_at_rest on Jun 22, 2026

@Ingole712521

Contributor

feat #5

Add transparent AES-256-GCM encryption for sensitive memory statements at rest in PostgreSQL

Summary

  • Adds field-encryption.mjs with AES-256-GCM encrypt/decrypt using keys from MEMACT_MEMORY_ENCRYPTION_KEY and optional MEMACT_MEMORY_ENCRYPTION_KEY_ID.
  • Adds postgres-statements.mjs and sql/memory_statements.sql to store public metadata in plain columns while encrypting sensitive statement fields (summary, value, attributes, provenance, sources, etc.) into sensitive_payload + IV + auth tag.
  • Provides createPostgresStatementStore() for transparent encrypt-on-write / decrypt-on-read, plus optional createPgQueryExecutor() for real PostgreSQL via the pg package.
  • Adds unit tests confirming sensitive values like "peanuts" are not readable as plaintext in stored table payloads.

Why

Sensitive memory statement content must not sit in PostgreSQL as readable plaintext. This change encrypts statement columns at rest while keeping queryable metadata (type, field path, sensitivity, label) available for indexing and access control.
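
The storage split described above, as an added example that is not the PR's code: public metadata stays in plain columns while the sensitive fields are sealed with AES-256-GCM. It goes beyond the description by binding the public columns and key id to the ciphertext as associated data; `sealStatement`, `openStatement`, the `sensitive_iv`, `sensitive_tag` and `key_id` names, and the sample data are assumptions.

```javascript
// Added illustration, not the PR's code. sealStatement/openStatement and the
// sensitive_iv, sensitive_tag and key_id column names are assumptions.
// Loads node:crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const SENSITIVE = ["summary", "value", "attributes", "provenance", "sources"];

// Public columns stay readable but are authenticated as GCM associated data.
const aadFor = (row) => Buffer.from(JSON.stringify(
  [row.id, row.type, row.field_path, row.sensitivity, row.label, row.key_id]));

function sealStatement(statement, keyring, keyId) {
  const key = keyring.get(keyId);
  if (!Buffer.isBuffer(key) || key.length !== 32) throw new Error("need a 32-byte key");
  const row = { key_id: keyId };
  const secret = {};
  for (const [name, v] of Object.entries(statement)) {
    (SENSITIVE.includes(name) ? secret : row)[name] = v;
  }
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit IV per write, never reused per key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadFor(row));
  const ct = Buffer.concat([cipher.update(JSON.stringify(secret), "utf8"), cipher.final()]);
  return { ...row, sensitive_payload: ct.toString("base64"),
    sensitive_iv: iv.toString("base64"), sensitive_tag: cipher.getAuthTag().toString("base64") };
}

function openStatement(stored, keyring) {
  const { sensitive_payload, sensitive_iv, sensitive_tag, ...row } = stored;
  const key = keyring.get(row.key_id); // key id selects the key, so old rows survive rotation
  if (!key) throw new Error(`unknown key id: ${row.key_id}`);
  const tag = Buffer.from(sensitive_tag, "base64");
  if (tag.length !== 16) throw new Error("auth tag must be 16 bytes"); // reject truncated tags
  const iv = Buffer.from(sensitive_iv, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(aadFor(row));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(Buffer.from(sensitive_payload, "base64")),
    decipher.final()]); // final() throws if payload, tag, IV or public columns changed
  return { ...row, ...JSON.parse(pt.toString("utf8")) };
}

// Constructed sample data; a real key would come from a secret store, not code.
const keyring = new Map([["k1", nodeCrypto.randomBytes(32)]]);
const sample = { id: "stmt-1", type: "allergy", field_path: "health.allergies",
  sensitivity: "high", label: "Allergy", summary: "Allergic to peanuts", value: "peanuts" };
const stored = sealStatement(sample, keyring, "k1");
console.log(stored, openStatement(stored, keyring).value);
```

Because the public columns are authenticated, editing `sensitivity` in place or copying one row's `sensitive_payload` into another row makes decryption fail instead of returning data under the wrong access label.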

Ingole712521 and others added 2 commits June 22, 2026 13:13
- Introduced `field-encryption.mjs` for AES-256-GCM encryption and decryption of sensitive memory data.
- Added `postgres-statements.mjs` to manage memory statements with encryption support, including functions for splitting and merging memory statements.
- Created `memory_statements.sql` for defining the database schema for storing encrypted memory statements.
- Implemented tests for encryption and decryption processes, ensuring sensitive data is not exposed in plaintext.
- Updated `package.json` to include new modules for field encryption and memory statements.
@keepsloading

Member

SSoC26 Labeling: This Pull Request has been automatically linked to the corresponding issue labels: SSoC26,Hard! Thank you for contributing!

@keepsloading

Member

SSoC26 Warning: We noticed that you haven't created a corresponding dummy PR in the main Context repository yet.

@Ingole712521

Contributor Author

Hi, this contribution is being made in the Memact/Memory repository. Could you please clarify whether a separate dummy PR is still required in the main Context repository for SSoC26 tracking? If so, I'll create it and link it here.

@keepsloading

Member

@Ingole712521 Definitely. Without a dummy PR, SSoC won't take this PR into account.

@Ingole712521

Contributor Author

ok

@keepsloading

Member

SSoC26 Review Update

We have verified that your implementation for Memory Encryption at Rest looks excellent and passes all 34 unit tests successfully!

However, because this contribution is located in a sub-repository (Memact/Memory), we cannot merge it yet. You must create a corresponding dummy PR in the main Memact/Context repository linking to this PR (e.g., by referencing Memact/Memory#11 in the title or description) for SSoC26 contribution tracking.

Once the dummy PR is open, the automation will automatically link, label, and proceed with the merge. Thank you!

@Ingole712521

Contributor Author

Give me some time, I will create a dummy PR.

@Ingole712521

Contributor Author

@keepsloading done with the Dummy PR

@keepsloading

Member

Dummy PR detected in Memact/Context (#73).
