If the user deletes or changes a key in the DB, all previous encrypted rows will error when accessing #2348
Assignees
Labels
security
relates to security (regardless of priority)
Comments
gak
added
triage
Open
github-merge-queue bot
pushed a commit
that referenced
this issue
Aug 14, 2024
Fixes #2290 Follows #2312 Needs work: #2346 #2348 > [!CAUTION] > Will nuke logs and async columns! - Uses KMS via tink `FTL_KMS_URI`, so `fake-kms://` or `aws-kms://` will work. Omitting will not encrypt. - Remove old plaintext keys envs. --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Matt Toohey <[email protected]>
gak
added
backlog
|
Goal to just create two fields in the keys table for each subkey and just encrypt a common test word. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Deleting a row is easy for the user to do without realising the implications.
However updating the row required a fair amount of effort so maybe less important.
Solution A
FK from each encrypted row into the keys table, so that the rows must be deleted before deleting the key. This won't help with a user modifying the key.
Solution B
Have some data in the DB that is encrypted and checked on startup. If it can't decrypt we know the key was deleted or changed.
The text was updated successfully, but these errors were encountered: