@kahboom kahboom commented Apr 8, 2016

Changes:

  • Added a blog post on the encryption of data that apiman stores.
  • Added myself as an author, and re-ordered list of names alphabetically (by first name).

Screenshots:

[Screenshot: covering your assets data encryption in api management apiman open source api management]

JIRA: https://issues.jboss.org/browse/APIMAN-1034

cc @EricWittmann @msavy - Sorry that this took forever, I wanted to make sure I was adding enough detail. A few comments:

  1. Please check the accuracy of what I wrote, especially the comment about pre- and post-marshalling when storing in Elasticsearch toward the end. I was basing this off of my notes from a bootstrapping meeting and by looking at the code.
  2. I didn't get too detailed for things like setting up the structure for a plugin, but did provide references. Maybe should have done that for generating an encrypted key as well.
  3. I'd really like to add comments in today, if possible. It's a quick task that I think is pretty important. That's one of the reasons I mention "please leave a comment below" at the end of the post.
  4. Last thing is, please don't merge this in yet as I've yet to commit the built files. This is just for you guys to read, review, and provide feedback (if you have the time!). It would be nice if this were done automatically in Travis CI / Jenkins.

Thanks!

kahboom commented Apr 8, 2016

Blob is here, but obviously looks better when rendered locally (see screenshot).

NOTE: If you are kind enough to want to share your plugin with the rest of the apiman community, create a pull request on the main https://github.com/apiman/apiman[apiman repository]. Contributors, please don't forget to write a unit test for any plugin you write (one that actually passes, kthx!).


== Key Takeways

s/Takeway/Takeaway/

kahboom commented Apr 13, 2016

@EricWittmann @msavy - Made suggested changes, updated the date, and added Disqus commenting. See updated screenshot below.

It is desperately missing images, but I didn't think any would be helpful so decided to omit them completely. Once you guys are okay with it, let me know and I'll check in the built Jekyll files.

[Screenshot: covering your assets data encryption in api management apiman open source api management]


Apiman was designed with the goal of providing a secure, customizable platform for API providers that is easy to use. As an open source platform, it is highly extendable and maintained by a community of developers with the common goal of streamlining API management without compromising security.

*All sensitive data stored by apiman is fully encrypted* so that it is not stored in plain text, then later decrypted again on runtime or when publishing services. By default, the database storage is the H2 relational database, which uses Elasticsearch. One of the many examples of data that gets stored are the credentials that must be provided when the manager wants to publish an API and makes an authenticated REST call to the gateway.

This sentence isn't correct: "By default, the database storage is the H2 relational database, which uses Elasticsearch."

It should maybe be "By default, the API Manager uses a relational database for storage."

Wow, I should probably start drinking coffee again. What I meant to say was, "By default, the database storage is the H2 relational database management system, which can be swapped out for Elasticsearch." But that's not necessarily correct anyway, since you're replacing JPA/Hibernate/H2 (or other RDBMS) with Elasticsearch. Also kind of irrelevant.

@kahboom kahboom force-pushed the 1034-data-encryption branch from deb3212 to 30a02ce Compare April 13, 2016 19:36
@EricWittmann EricWittmann merged commit 6469677 into apiman:master Apr 13, 2016