Open lubomirw opened 1 year ago
What if the password used to derive the encryption key is changed in the future? What will happen? The system will be unable to decrypt the secrets and will stop working. Can you change the password? Can you recover somehow? Is there any seamless migration from one encryption to another?
The content of an attribute with the `secret` content type is now stored in the DB as plain text. Even if we rely on encryption of the DB itself, we cannot enforce encryption of the DB itself. Therefore it is suitable to store sensitive data encrypted.

Implement encryption and decryption of sensitive attribute content based on the implementation used in Software-Cryptography-Provider (SecretsUtil).
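An added example, not part of the issue and not the project's SecretsUtil: one way to keep password-derived encryption of stored secrets survivable across a password change is to prefix each stored value with a key id, so old rows stay decryptable while they are re-encrypted under the new password. The class name, method names, envelope layout, key ids and PBKDF2 parameters below are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hypothetical helper for illustration; not the project's SecretsUtil.
public class VersionedSecret {
    private static final SecureRandom RNG = new SecureRandom();

    // Derive an AES-256 key from a password and a per-record random salt.
    static SecretKeySpec key(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }
    // Stored form: "<keyId>:" + base64(salt[16] | iv[12] | ciphertext+tag).
    static String encrypt(String keyId, char[] password, String plain) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(password, salt), new GCMParameterSpec(128, iv));
        c.updateAAD(keyId.getBytes(StandardCharsets.UTF_8)); // bind key id to ciphertext
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[28 + ct.length];
        System.arraycopy(salt, 0, out, 0, 16);
        System.arraycopy(iv, 0, out, 16, 12);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return keyId + ":" + Base64.getEncoder().encodeToString(out);
    }
    // The key id in the stored value selects the password, so old rows survive a change.
    static String decrypt(Map<String, char[]> keyring, String stored) throws Exception {
        String[] parts = stored.split(":", 2);
        char[] password = keyring.get(parts[0]);
        if (password == null) throw new IllegalStateException("no password for key id " + parts[0]);
        byte[] in = Base64.getDecoder().decode(parts[1]);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(password, Arrays.copyOfRange(in, 0, 16)),
               new GCMParameterSpec(128, in, 16, 12));
        c.updateAAD(parts[0].getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, 28, in.length - 28), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values: a row written under the old password, then migrated.
        String row = encrypt("k1", "old-pass".toCharArray(), "db-password");
        Map<String, char[]> ring = Map.of("k1", "old-pass".toCharArray(), "k2", "new-pass".toCharArray());
        String migrated = encrypt("k2", ring.get("k2"), decrypt(ring, row));
        System.out.println(decrypt(ring, row).equals(decrypt(ring, migrated)));
    }
}
```

Once every row carries the new key id, the old entry can be dropped from the keyring; a row whose key id is missing from the keyring fails with an explicit error instead of an opaque decryption failure.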