holashchand
commented
1 year ago One Edit on Encryption Support details:
- We have encryption supported for Private Fields
- For this we should enable encryption and add an external encryption service
- There are some cases where it doesn't work properly (TODO: check and update which all cases)
- It will be apply encryption for all private fields for all schemas
Open questions to be discussed
- Do we need encryption supported at schema level?
- Do we need to define encryption fields separately than private fields?
- Do we want an external service for encryption or in registry itself?
- Where and how we want to define encryption type? or even not require in case of external service?
Feel free to answer or add another questions or add any comment related to this
surendrasinghs
srprasanna
What is the feature request for?
To preserve privacy of sensitive user data such as mobile, email, and other personally identifiable information (PII). This will be part of Registry Core.
What problem/inconvenience (if any) will this feature solve?
Currently, we mask / hash / encrypt only when data is exposed to /published to an external service (e.g. printing to log, metric service, response to GET API). But it is not masked in the registry database itself.
Describe the feature clearly.
If a strategy is specified, we should apply the relevant strategy and persist to the database. We will need to have a configuration to determine the strategy for fields. This can be held under the config section. If Masking/Hashing is specified as the strategy we cannot get the original data back from the registry. For encrypted data, we can decrypt and send back as part of the response to the Registry endpoints.