You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fields to encrypt must be specified as a single JSON payload under a single key. This ensures that decrypting objects at scale is performant. For example, the key secrets would hold a JSON payload of all the sensitive fields.
When the encrypted saved object is registered, the secrets field should specified as attributesToEncrypt
encryptedSavedObjects.registerType({
type: syntheticsMonitor.name,
attributesToEncrypt: new Set(['secrets']),
});
Formating Saved Objects
All fields in the SyntheticsMonitor type are flattened. To support saving sensitive fields within the saved object under a single key, we should create formatters that transform the SyntheticsMonitor type into a saved object compatible format, and vice versa, when adding or fetching a monitor. This ensures that the current contract is able to remain intact throughout the app.
Saved Object Migrations
Now that sensitive fields must be stored as JSON payload under a single key, we must create a saved object migration. This migration must account for our previously unencrypted saved objects and 1. store them as encrypted saved objects and 2. move the sensitive fields to the secrets key. Sync with @azasypkin for questions.
The text was updated successfully, but these errors were encountered:
As a user of Uptime, I'd like my sensitive data to be encrypted at rest.
To help protect customer information, we must transition Uptime Synthetic Monitor saved objects to encrypted saved objects.
POC: #125168
SPIKE: elastic/uptime#406
Encrypted Saved Objects README: https://github.com/elastic/kibana/blob/main/x-pack%2Fplugins%2Fencrypted_saved_objects%2FREADME.md
Fields to encrypt must be specified as a single JSON payload under a single key. This ensures that decrypting objects at scale is performant. For example, the key
secrets
would hold a JSON payload of all the sensitive fields.When the encrypted saved object is registered, the secrets field should specified as
attributesToEncrypt
Formating Saved Objects
All fields in the
SyntheticsMonitor
type are flattened. To support saving sensitive fields within the saved object under a single key, we should create formatters that transform theSyntheticsMonitor
type into a saved object compatible format, and vice versa, when adding or fetching a monitor. This ensures that the current contract is able to remain intact throughout the app.Saved Object Migrations
Now that sensitive fields must be stored as JSON payload under a single key, we must create a saved object migration. This migration must account for our previously unencrypted saved objects and 1. store them as encrypted saved objects and 2. move the sensitive fields to the
secrets
key. Sync with @azasypkin for questions.The text was updated successfully, but these errors were encountered: