Open john-999 opened 1 year ago
Not currently - but I've been thinking a lot about homorphic encrytption. What were you thinking about doing - I'd love to learn more.. and possibly write something.
With databases all over the world being leaked almost on a daily basis now, database encryption is rapidly gaining importance.
Using Redis for search has the obvious important advantage of being super-fast.
Additionally, it can take important load off your conventional/relational DB running alongside, if you have one.
In my case, I run an after-deploy task to load a part of my MySQL/MariaDB database into the Redis DB, in order to make the data available for search (via RediSearch).
For encryption, I use (1) MariaDB's at-rest encryption (database-level), and additionally (2) Rails' Active Record Encryption (application-level) in order to maximize data protection.
But: The data that is made available for search in Redis is currently unencrypted, because it needs to be searchable. This is a security hole.
So if Redicrypt could encrypt Redis data while keeping it searchable, there would be no more security hole: We could search Redis data that is encrypted super-fast, which would be pretty awesome.
Even on MariaDB/MySQL data-at-reset encryption, when the data is loaded to memory from disk it's kept unencrypted in memory. I'm not familiar with DBs that keep the data-in-use encrypted in memory
Ok, so the feature would make Redis the first DB that keeps the data-in-use encrypted in memory, if I understand correctly.
And so ideally, one would drop MariaDB/MySQL and go Redis-only, in order to be able to have all data-in-use encrypted in memory.
@john-999 Thinking about this further, I think we have several usability problems here - but I want to make sure we're thinking about the same thing.
FWIW I don't currently have an answer - but do want to make sure this makes sense.
(As much as I'd like to contribute any useful comments, I'm unfortunately not sufficiently advanced to discuss any technical details/requirements - I'll have to leave the floor to the grown-ups...)
How about thinking with RediJson?
Is it possible to use RediSearch with Redicrypt?