Open benbjohnson opened 2 years ago
numair
commented
1 year ago Hey @benbjohnson was encryption implemented in LiteFS? Would be great if there were best practices etc documented for PCI / HIPAA type use cases. Maybe this exists and I’ve overlooked it!
benbjohnson
commented
1 year ago @numair Encryption isn’t implemented yet. We’re still focused on hardening, testing, and stability. But it’s definitely on our road map. I’ll keep in mind the PCI/HIPAA use cases too when I go to document it.
numair
commented
1 year ago @benbjohnson thanks! Looking forward to switching over from Postgres for secure data use cases.
titanism
commented
11 months ago @benbjohnson just following up to see if encryption is supported yet? We're looking at using https://github.com/m4heshd/better-sqlite3-multiple-ciphers which supports multiple encryption methods including https://github.com/utelle/wxsqlite3#wxsqlite3---a-lightweight-wrapper-for-sqlite (e.g. sqleet by default; ChaCha20 - Poly1305 HMAC).
benbjohnson
commented
11 months ago @titanism The encryption referenced in this issue will be for the transaction files that are shipped out to replicas and backups. I'm not sure if we'll support client-side encryption as there are a number of libraries that all do it differently.
titanism
commented
11 months ago @benbjohnson Thanks - we're using https://github.com/m4heshd/better-sqlite3-multiple-ciphers right now with sqlcipher and the legacy=4 flag so we can use it with https://github.com/sqlitebrowser/sqlitebrowser. LiteFS looked like a promising approach for replication, but we need the db's to be encrypted.
LTX files are designed to support encryption so that remote storage, such as AWS S3, will not be able to read the underlying data. Currently, I'm leaning toward using AES-GCM-SIV from the Tink project.