Support content encryption within CentralDogma #755

Open
jrhee17 opened this issue Nov 17, 2022 · 1 comment

jrhee17 (Contributor) commented Nov 17, 2022

Just wanted to float this idea with other maintainers.

We may want to support data encryption within Central Dogma so users can save sensitive data (and Central Dogma can possibly also act as a backend for a KMS).

One idea I had was:

  • Users can register a key[s] when creating a repository.
  • The registered key[s] encrypt the content when stored.
  • Users send over a private key when reading/modifying content. Alternatively, the encrypted content could be fetched and decrypted using a user's private key locally.

Caveats:

  • Each file content would be encrypted, but the directory structure will still be visible.
  • We should make sure that the encryption/decryption is performant, since Central Dogma may host a large number of files with reasonable size (10MB~).
  • TBU...
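
The per-file scheme proposed in the comment above, written out as an added example (not Central Dogma code and not part of the original issue): a fresh AES-256-GCM key encrypts each file and only that 32-byte key is wrapped with the registered RSA public key, so large files never pass through RSA, and the still-visible path is bound as associated data. The class and method names, the sample path and content, and the choice of RSA-OAEP with AES-GCM are assumptions; it needs Java 16+ and only the JDK's standard providers.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
// Added example; all names here are hypothetical, not Central Dogma API.
public final class RepoContentEnvelope {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}

    // Storing side: only the registered public key is needed to encrypt content.
    static Envelope seal(PublicKey registered, String path, byte[] content) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();                     // fresh data key for every stored file
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(128, iv));
        aes.updateAAD(path.getBytes(StandardCharsets.UTF_8)); // path stays readable but is authenticated
        byte[] ct = aes.doFinal(content);
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.WRAP_MODE, registered, OAEP);
        return new Envelope(rsa.wrap(dek), iv, ct);
    }

    // Reading side: run locally so the private key never leaves the reader's machine.
    static byte[] open(PrivateKey own, String path, Envelope e) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.UNWRAP_MODE, own, OAEP);
        Key dek = rsa.unwrap(e.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(128, e.iv()));
        aes.updateAAD(path.getBytes(StandardCharsets.UTF_8));
        return aes.doFinal(e.ciphertext());                   // AEADBadTagException if content or path changed
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair user = kpg.generateKeyPair();                 // constructed sample key pair
        byte[] secret = "{\"password\":\"constructed-sample\"}".getBytes(StandardCharsets.UTF_8);
        Envelope e = seal(user.getPublic(), "/mirrors/creds.json", secret);
        System.out.println(Arrays.equals(secret, open(user.getPrivate(), "/mirrors/creds.json", e)));
        try { open(user.getPrivate(), "/other/path.json", e); }
        catch (AEADBadTagException ex) { System.out.println("ciphertext moved to another path is rejected"); }
    }
}
```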

trustin (Member) commented Feb 14, 2023

Instead, we could consider encrypting the entire repository? https://git-annex.branchable.com/tips/fully_encrypted_git_repositories_with_gcrypt/

minwoox added a commit to minwoox/centraldogma that referenced this issue Nov 15, 2023
Motivation:
Before we support content encryption within CentralDogma, we need a way to secure the sensitive information in mirroring configuration.
We can do this using `ConfigValueConverter` that is introduced via line#890 as a temporary workaround.

Modifications:
- Apply `ConfigValueConverter` to mirroring configuration.

Result:
- You can temporarily hide sensitive information in mirroring configuration using `ConfigValueConverter`. Please note that this feature will be deprecated after we implement line#755.

minwoox added a commit that referenced this issue Nov 23, 2023
Motivation:
Before we support content encryption within CentralDogma, we need a way to secure sensitive information in mirroring configuration. We can do this using `ConfigValueConverter` that is introduced via #890 as a temporary workaround.

Modifications:
- Apply `ConfigValueConverter` to mirroring configuration.

Result:
- You can temporarily hide sensitive information in mirroring configuration using `ConfigValueConverter`. Please note that this feature will be deprecated after we implement #755.