Closed oubiwann closed 1 year ago
This does beg the question about growing DB sizes ... might have to explore a different solution in the future (Rucksack is decrypted to in-mem to avoid writing sensitive data to disk). Might be able to do some clever juggling with partially loading a BTree in-memory ...
I think I was looking at some old or incomplete 1password docs ... because their list of supported types is rather extensive. I didn't see SSL certs, but they've got all sorts of crazy stuff they support.
1password focuses on passwords, so their secret data is a little simpler than ours: they just push the old pass onto a history vec/array. This won't work for us since in addition to passwords, we do service creds, asymmetric crypto files, certs, etc. Our current setup for decrypted records is this:
In order to retain old passwords with their metadata (most useful would probably be last updated and last accessed), we'd want a `Vec` of `DecryptedRecord` ... so maybe something like this?
This means, of course, that we'll have to update `EncryptedRecord` similarly. Maybe something like:
with `history` getting the same encryption treatment that `value` does ...
Tasks:
- `DecryptedRecord` with new field
- `EncryptedRecord` with new field
- `DecryptedRecord` to get old passwords
- list passwords
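
An added sketch of the history idea discussed above, not Rucksack's own code: apart from `DecryptedRecord`, `value` and `history`, every field and method name here is an assumption. It shows one detail the `Vec` approach needs: each snapshot is stored without its own history, so older versions are not duplicated inside every newer one.

```rust
// Added illustration; the layout and method names are assumptions, not Rucksack's real types.
#[derive(Clone, Debug)]
pub struct Metadata {
    pub last_updated: u64, // seconds since epoch, supplied by the caller
    pub last_accessed: u64,
}

#[derive(Clone, Debug)]
pub struct DecryptedRecord {
    pub name: String,
    pub value: String, // the secret: password, service cred, cert, ...
    pub metadata: Metadata,
    pub history: Vec<DecryptedRecord>, // older versions, oldest first
}

impl DecryptedRecord {
    pub fn new(name: &str, value: &str, now: u64) -> Self {
        let metadata = Metadata { last_updated: now, last_accessed: now };
        DecryptedRecord { name: name.into(), value: value.into(), metadata, history: Vec::new() }
    }

    /// Replace the secret, keeping the previous version together with its metadata.
    pub fn update_value(&mut self, new_value: &str, now: u64) {
        if new_value == self.value {
            return; // unchanged secret: no history entry
        }
        // Move the history out before cloning, so the snapshot does not carry
        // its own copy of every earlier snapshot (which would nest without bound).
        let older = std::mem::take(&mut self.history);
        let snapshot = self.clone(); // self.history is empty at this point
        self.history = older;
        self.history.push(snapshot);
        self.value = new_value.to_string();
        self.metadata.last_updated = now;
    }

    /// Old secrets with the time each one was set, oldest first.
    pub fn old_values(&self) -> Vec<(&str, u64)> {
        self.history.iter().map(|r| (r.value.as_str(), r.metadata.last_updated)).collect()
    }
}

fn main() {
    let mut r = DecryptedRecord::new("example.com", "first", 100); // constructed sample
    r.update_value("second", 200);
    r.update_value("third", 300);
    println!("{:?}", r.old_values());
}
```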