greeeen-dev
commented
5 months ago Originally I was going to make at-rest encryption toggleable, but I've decided to make it mandatory.
Closed greeeen-dev closed 5 months ago
greeeen-dev
commented
5 months ago Originally I was going to make at-rest encryption toggleable, but I've decided to make it mandatory.
Checklist
Is your feature request related to a problem? Please describe.
Currently, Unifier only keeps two copies of it's configuration and data files: in memory and on local disk. In case of a system failure so critical that files cannot be recovered, these critical files will be lost.
Describe the solution you'd like
Create a Flask app with mandatory TLS to allow backups. Filetypes will be restricted to .json (config, data, uncompressed message cache) and .lzma (compressed message cache) files.
For extra data security, the data
mayMUST also be encrypted at rest (i.e. the encrypted file is sent and stored). The data must be encrypted in transit (i.e. the file is encrypted when it's being backed up to the server, then decrypted once they arrive at the destination server).Describe alternatives you've considered
Using a DB instead. Although this may have been simpler, this changes the format of the data. We'd like to keep the format consistent across copies (except the on-memory copy, as that uses Python dict), so if the instance can't connect to the API/DB for whatever reason, they can just copy the files from the backup server.
Additional context
This suggestion was made by a competitor, we giving feedback to each other now Might release as part of v2.0.3, if not v2.0.4/v2.1.0. API will be released as a standalone project