Closed rgarcia closed 8 years ago
Hi, while I think it may be a nice addition to this project, it may be even more useful if it could be applied to any session store. Also, at some point Amazon may add support for encryption to dynamodb
Thanks, @ca98am79. We created connect-session-encrypt for now to handle this.
DynamoDB doesn't support encryption at rest, which means if you have sensitive data that you want to encrypt, this must be done at the application level.
Session data contains this kind of sensitive data, so one blocker for us using
connect-dynamodb
is the ability encrypt session data before saving it to dynamodb. One path we're pursuing is creating aconnect-session-encrypted
session store that wraps an existing session store and adds this kind of encryption. Another approach would be adding it toconnect-dynamodb
directly, since it might be a common-enough use case. I'm curious what you think.