supabase / supavisor

A cloud-native, multi-tenant Postgres connection pooler.
https://supabase.github.io/supavisor/
Apache License 2.0

feat: encrypt secrets for internal use #333

Open abc3 opened 6 months ago

abc3 commented 6 months ago

To avoid logging sensitive data (passwords, secrets, etc.), we keep it internally as anonymous functions fn -> some_secret end. However, during hot upgrades, old links to these funs can become invalid, so this PR introduces a new approach by turning sensitive data into binary.

The PR also includes the HotUpgrade module, which will replace existing encoded secrets, currently cached or residing within the :poolboy supervisor, with this new method.

abc3 commented 6 months ago

@supabase/dashbit, if there is any way to continue keeping secrets in funs across upgrades, I would be happy to hear about it, as I haven’t found any safe method.

josevalim commented 6 months ago

Other approaches to consider:

  1. Put those secrets into a struct and derive the implementation of the struct to not include the field:

         # Derive Inspect with an empty allow-list so no field is printed
         @derive {Inspect, only: []}
         defstruct [:secret]

  2. Store them in the process dictionary (they will be plain but it should not show up in logs).
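
Added example, not part of the thread and not Supavisor's code: a script that checks whether a secret is visible in `inspect` output for each form discussed above (plain value, anonymous function, struct with derived `Inspect`, process dictionary). The names `SecretDemo`, `SecretDemo.Wrapped`, `leaks?/3`, `:db_password` and the sample values are hypothetical.

```elixir
defmodule SecretDemo.Wrapped do
  # Hypothetical wrapper struct: Inspect is derived with an empty allow-list,
  # so no field is rendered by the default inspect/1.
  @derive {Inspect, only: []}
  defstruct [:secret]
end

defmodule SecretDemo do
  alias SecretDemo.Wrapped

  # True when the secret appears in the rendered form of `term`.
  def leaks?(term, secret, opts \\ []) do
    String.contains?(inspect(term, opts), secret)
  end

  def run do
    secret = "constructed-s3cret-value" # constructed sample, not a real credential

    plain = %{user: "postgres", password: secret}
    as_fun = %{user: "postgres", password: fn -> secret end}
    as_struct = %{user: "postgres", password: %Wrapped{secret: secret}}

    # Process dictionary variant: the state term carries no secret at all.
    Process.put(:db_password, secret)
    in_pdict = %{user: "postgres"}

    results = [
      plain: leaks?(plain, secret),
      fun: leaks?(as_fun, secret),
      struct: leaks?(as_struct, secret),
      # structs: false bypasses the Inspect protocol and prints the raw map
      struct_raw: leaks?(as_struct, secret, structs: false),
      pdict_state: leaks?(in_pdict, secret),
      # the dictionary itself stays readable through Process.info/2
      pdict_info: leaks?(Process.info(self(), :dictionary), secret)
    ]

    Enum.each(results, fn {form, leaked} ->
      IO.puts("#{form}: secret visible in inspect output = #{leaked}")
    end)

    results
  end
end

SecretDemo.run()
```

The `struct_raw` and `pdict_info` rows are the cases to audit in logging and debugging code paths: a derived `Inspect` only protects callers that use the protocol, and process dictionary contents are returned by process introspection.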