Database encryption #561
Comments
|
I've done a little looking around in terms of what encryption libraries are available, and this one seems fairly well maintained and modern https://github.com/georgemarshall/django-cryptography/ We would inject the symmetric encryption key at runtime vian env var, which means it would require someone to capture the machine RAM state of the running Python/Django app/VM, in order to read key, and access the encrypted data. If they obtained a 'static' file copy of the live DB they would not be able to read encrypted fields without the symmetric key. Worth having a go at this before we go live? As it will make significant changes to the Models. (And of course vital that we have the encryption key securely stored ourselves in a few places, because if we lost that, we would lose all the data!) |
|
@pacharanero is this still worth exploring if we have already gone live? |
dc2007git
added
the
to-close-with-confirmation
Certain particularly sensitive data items should be encrypted before storing in the database.
The text was updated successfully, but these errors were encountered: