Key Rotation
The user can change this schedule using Options.WithEncryptionKeyRotationDuration.
badger rotate --dir=badger_dir --old-key-path=old/path --new-key-path=new/path
We need streaming?
In order to immediately encrypt all of an existing Badger datastore, you should:
Export your Badger datastore
Start a new instance of Badger with encryption enabled
Import your data into the new Badger datastore.
This can be done using the badger backup and badger restore tools already available. Otherwise, a simple tool could be written using the Stream framework and the StreamWriter interface to allow this to happen without exporting and with a stunning 1.6Gbps throughput.
https://github.com/getcouragenow/packages/blob/master/SECURITY.md
So for V2 it's only the DB encrypted that is needed.
Is already audited. BadgerDB used by GraphQL. ?
See: https://dgraph.io/blog/post/encryption-at-rest-dgraph-badger/
Code for all this is here: https://github.com/dgraph-io/badger/tree/master/badger/cmd
https://github.com/dgraph-io/dgraph/tree/master/dgraph/cmd/cert
We also need backup and restore
So let's bake all this into the sys-core CLI!!
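
A preflight wrapper around the badger rotate command quoted under Key Rotation above, as an added example that is not part of these notes or of the Badger project. It assumes each key file holds a raw AES key of 16, 24 or 32 bytes; the function names and the BADGER_BIN variable are hypothetical.

```shell
# Added example (not from the original notes or the Badger project).
# Assumption: key files hold a raw AES key of 16, 24 or 32 bytes.
# BADGER_BIN and the function names below are hypothetical helpers.

# key_len_ok PATH: succeed only for a regular file of 16, 24 or 32 bytes.
# A key written with `echo` gains a trailing newline and fails this check.
key_len_ok() {
  [ -f "$1" ] || return 1
  kl_n=$(wc -c < "$1" | tr -d ' ')
  case "$kl_n" in 16|24|32) return 0 ;; *) return 1 ;; esac
}

# key_private PATH: succeed only if group and other have no permission bits.
key_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# rotate_master_key DIR OLD_KEY NEW_KEY
# Returns 2 (DIR missing), 3 (bad old key), 4 (bad new key),
# 5 (new key readable by group/other), 6 (new key identical to old),
# otherwise the exit status of `badger rotate`.
rotate_master_key() {
  [ -d "$1" ] || return 2
  key_len_ok "$2" || return 3
  key_len_ok "$3" || return 4
  key_private "$3" || return 5
  if cmp -s "$2" "$3"; then return 6; fi
  "${BADGER_BIN:-badger}" rotate --dir="$1" --old-key-path="$2" --new-key-path="$3"
}
```

Keep the old key file until the rotate command has exited successfully, since the old key is still needed if the command fails partway.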