pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
https://docs.pwpush.com
Apache License 2.0
2.12k stars 359 forks source link

Encrypted files at rest #1697

Open liquid-metal opened 12 months ago

liquid-metal commented 12 months ago

🚀 Feature Request

When a file is pushed, it should be possible to select (or force by configuration) that the file is stored encrypted in whatever storage is configured.

🔈 Motivation

Users might expect files in password pusher to be shared securely (not only the access), so in my opinion it is logical to share files with sensitive content. Especially when using external storage, it might be desirable to have the files on the storage encrypted. This is an improvement to security from the moment where the storage is on another host than the application itself. This might further be improved by deriving the encryption key from a lockdown passphrase.

Incorrectly configured S3 leads to countless data leaks; this might even become worse when using some kind of self hosted storage which might not be as well-integrated into an IAM as a cloud-hosted offer.

🛰 Alternatives

Require the user to encrypt files? Sounds not so viable to me.

📎 Additional context

I am aware of the optimization mentioned in the config document that the browser can send files to an external storage directly. I can imagine multiple ways to deal with that

pglombardo commented 12 months ago

Great feature request - I agree this would be ideal although not the easiest thing to implement so it will take some careful thought and planning. Having the encryption key potentially tied to the lockdown passphrase is a good idea too. I'll give it all some thought.

pglombardo commented 9 months ago

Password Pusher uses lockbox for data encryption and it supports ActiveStorage encryption (file uploads): https://github.com/ankane/lockbox?tab=readme-ov-file#active-storage