Right now, the only things we encrypt are user passwords and S3 buckets (the latter only at rest).
It would've been nice to do this from the get go, but we should go over the app and see what columns it makes sense for us to encrypt. That is, what columns are sensitive enough that if the database itself is leaked, we definitely wouldn't want that data to leak with it?
Of course, this only goes so far: we'll only be able to encrypt at rest, so if a breach accesses the live system, they'll be able to access things like the decryption key, or just inspect any of the live data.
Still, I think this is worth doing. Maybe not urgently, but it's going to involve some data migration, so the sooner the better.
Right now, the only things we encrypt are user passwords and S3 buckets (the latter only at rest).
It would've been nice to do this from the get go, but we should go over the app and see what columns it makes sense for us to encrypt. That is, what columns are sensitive enough that if the database itself is leaked, we definitely wouldn't want that data to leak with it?
Of course, this only goes so far: we'll only be able to encrypt at rest, so if a breach accesses the live system, they'll be able to access things like the decryption key, or just inspect any of the live data.
Still, I think this is worth doing. Maybe not urgently, but it's going to involve some data migration, so the sooner the better.
Conveniently, we can use an existing library to pull this off: https://hexdocs.pm/cloak_ecto/readme.html
Note: once we're ready to tackle this, it might make sense to make a concrete plan and split it into smaller phases.