Open benbjohnson opened 2 years ago
Hey @benbjohnson was encryption implemented in LiteFS? Would be great if there were best practices etc documented for PCI / HIPAA type use cases. Maybe this exists and I’ve overlooked it!
@numair Encryption isn’t implemented yet. We’re still focused on hardening, testing, and stability. But it’s definitely on our road map. I’ll keep in mind the PCI/HIPAA use cases too when I go to document it.
@benbjohnson thanks! Looking forward to switching over from Postgres for secure data use cases.
@benbjohnson just following up to see if encryption is supported yet? We're looking at using https://github.com/m4heshd/better-sqlite3-multiple-ciphers which supports multiple encryption methods including https://github.com/utelle/wxsqlite3#wxsqlite3---a-lightweight-wrapper-for-sqlite (e.g. sqleet by default; ChaCha20 - Poly1305 HMAC).
@titanism The encryption referenced in this issue will be for the transaction files that are shipped out to replicas and backups. I'm not sure if we'll support client-side encryption as there are a number of libraries that all do it differently.
@benbjohnson Thanks - we're using https://github.com/m4heshd/better-sqlite3-multiple-ciphers right now with sqlcipher
and the legacy=4
flag so we can use it with https://github.com/sqlitebrowser/sqlitebrowser. LiteFS looked like a promising approach for replication, but we need the db's to be encrypted.
LTX files are designed to support encryption so that remote storage, such as AWS S3, will not be able to read the underlying data. Currently, I'm leaning toward using AES-GCM-SIV from the Tink project.