-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Doc encryption with symmetric key #2731
base: develop
Are you sure you want to change the base?
feat: Doc encryption with symmetric key #2731
Conversation
) | ||
|
||
type multistore struct { | ||
root DSReaderWriter | ||
data DSReaderWriter | ||
enc DSReaderWriter |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: What do you think of naming it crypto
instead? It's short enough and easier to figure out what it means.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it sounds better, but less relevant and 3 bytes longer.
I not happy myself with "enc" as it might not be immediatly clear, but tend to like it slightly more than "crypto". If other also see "crypto" being a better much (or anything else), no problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I think you're going in the right direction. I have 2 main critiques at this stage. The first, as mentioned in an other comment, is the passing of a key on document create. I think we should avoid doing this and let Defra create a new key when needed. The second is the use of the context for the encryption key and store. It feels like it's making it more complex than it needs to be. We can discuss it some more in the standup or in a separate call if you want.
49fa643
to
045d85a
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #2731 +/- ##
===========================================
- Coverage 78.85% 78.78% -0.06%
===========================================
Files 315 318 +3
Lines 23835 24097 +262
===========================================
+ Hits 18793 18984 +191
- Misses 3670 3715 +45
- Partials 1372 1398 +26
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 13 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
45fe582
to
b66171a
Compare
d7d8ec5
to
316f55c
Compare
b6157e9
to
34bef3f
Compare
Relevant issue(s)
Resolves #2711
Description
This change introduces doc encryption. Upon creation of a document the user can pass an AES-GCM key for encryption.
This will lead to all doc fields (deltas) being stored in the DAG encrypted.
The storage in the local datastore happens as plain text (devs can enable encryption-at-rest to have it encrypted as well).