this post was submitted on 08 Jun 2024
1 points (100.0% liked)

Learn Programming

1625 readers
1 users here now

Posting Etiquette

  1. Ask the main part of your question in the title. This should be concise but informative.

  2. Provide everything up front. Don't make people fish for more details in the comments. Provide background information and examples.

  3. Be present for follow up questions. Don't ask for help and run away. Stick around to answer questions and provide more details.

  4. Ask about the problem you're trying to solve. Don't focus too much on debugging your exact solution, as you may be going down the wrong path. Include as much information as you can about what you ultimately are trying to achieve. See more on this here: https://xyproblem.info/

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
Ategon@programming.dev
JaumeI@programming.dev
bugsmith@programming.dev
1
Value of "encrypted at rest" data (lemmy.world)
submitted 3 months ago by thirdBreakfast@lemmy.world to c/learn_programming@programming.dev
0 comments fedilink hide all child comments
 

I'm writing a specification for a web app that will store sensitive user data, and the stakeholder asked that I consider a number of fairly standard security practices, but also including that the data be "encrypted at rest", i.e. so that if someone gains physical access to the hard disk at some later date the user data can't be retrieved.

The app is to be Node/Express on a VPS (probably against sqlite3), so since I would be doing that using an environmental variable stored in a file on that same computing instance, is that really providing any extra security?

I guess cloud big boys would be using key management systems to move the key off the local instance, and I could replicate that by using (Hashicorp Vault?) or building a service to keep the key elsewhere, but then I'd need secure access to that service, which once again would involve a key being stored locally.

What's your thoughts, experience, or usual practice around this?

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here