-
-
Notifications
You must be signed in to change notification settings - Fork 365
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Application-Layer Encryption of Snapshot State #1257
Labels
Comments
c247t
added a commit
to c247t/javers
that referenced
this issue
Jan 24, 2023
…ository Inject symmetric String-to-String codec into SQL persistence of CdoSnapshotState
c247t
added a commit
to c247t/javers
that referenced
this issue
Mar 14, 2023
…tion, and symmetrical utf8-gzip-base64 codec
bartoszwalacik
pushed a commit
that referenced
this issue
Mar 14, 2023
Inject symmetric String-to-String codec into SQL persistence of CdoSnapshotState
bartoszwalacik
pushed a commit
that referenced
this issue
Mar 14, 2023
…and symmetrical utf8-gzip-base64 codec
bartoszwalacik
added a commit
that referenced
this issue
Mar 14, 2023
…-application-layer-encryption
bartoszwalacik
pushed a commit
that referenced
this issue
Mar 16, 2023
Inject symmetric String-to-String codec into SQL persistence of CdoSnapshotState
bartoszwalacik
pushed a commit
that referenced
this issue
Mar 16, 2023
…and symmetrical utf8-gzip-base64 codec
This can be closed, as this has been included in 6.12. 🎉 |
bartoszwalacik
pushed a commit
that referenced
this issue
Jul 16, 2023
Inject symmetric String-to-String codec into SQL persistence of CdoSnapshotState
bartoszwalacik
pushed a commit
that referenced
this issue
Jul 16, 2023
…and symmetrical utf8-gzip-base64 codec
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Requirement
In my current project, we keep sensitive data confidential by means of application-layer encryption. We evaluated JaVers for a changelog-like functionality, and it works like a charm, thank you very much! The only missing link was a catch-all kind of callback for us to provide the same level of confidentiality for the changelog as for the live data, ideally by using the very same implementation.
Working towards a solution
First we looked into TypeAdapters, but for those to work out we'd have to ensure that all fields in all entities would be covered at all times. Neither did the GSON Adapter for CdoSnapshotState feel like the proper spot to inject an optional conversion layer. Hence I chose to augment the SnapshotQuery and SnapshotRepository with an interface allowing to supply a symmetrical String-to-String codec, the provided default implementation of which is a no-op. The entire setup of the cryptographic engine is up to the integrator, i.e. there is no dependency or complexity per se added to JaVers.
Limitations
So far, we only took care of the SQL repository, which is what we're using. If the approach is deemed feasible for upstreaming, an equivalent for the Mongo repository should not be too difficult to provide.
Pull request is in the making, for your consideration.
The text was updated successfully, but these errors were encountered: