superfly / litefs

FUSE-based file system for replicating SQLite databases across a cluster of machines
Apache License 2.0

LTX Encryption #19

Open benbjohnson opened 2 years ago

benbjohnson commented 2 years ago

LTX files are designed to support encryption so that remote storage, such as AWS S3, will not be able to read the underlying data. Currently, I'm leaning toward using AES-GCM-SIV from the Tink project.

numair commented 1 year ago

Hey @benbjohnson, was encryption implemented in LiteFS? Would be great if there were best practices etc. documented for PCI / HIPAA type use cases. Maybe this exists and I’ve overlooked it!

benbjohnson commented 1 year ago

@numair Encryption isn’t implemented yet. We’re still focused on hardening, testing, and stability. But it’s definitely on our road map. I’ll keep in mind the PCI/HIPAA use cases too when I go to document it.

numair commented 1 year ago

@benbjohnson thanks! Looking forward to switching over from Postgres for secure data use cases.

titanism commented 1 year ago

@benbjohnson just following up to see if encryption is supported yet? We're looking at using https://github.com/m4heshd/better-sqlite3-multiple-ciphers which supports multiple encryption methods including https://github.com/utelle/wxsqlite3#wxsqlite3---a-lightweight-wrapper-for-sqlite (e.g. sqleet by default; ChaCha20 - Poly1305 HMAC).

benbjohnson commented 1 year ago

@titanism The encryption referenced in this issue will be for the transaction files that are shipped out to replicas and backups. I'm not sure if we'll support client-side encryption as there are a number of libraries that all do it differently.

titanism commented 1 year ago

@benbjohnson Thanks - we're using https://github.com/m4heshd/better-sqlite3-multiple-ciphers right now with sqlcipher and the legacy=4 flag so we can use it with https://github.com/sqlitebrowser/sqlitebrowser. LiteFS looked like a promising approach for replication, but we need the DBs to be encrypted.