This repository has been archived by the owner on Oct 5, 2020. It is now read-only.
Sys-Core: Badger DB encryption at rest needed for V2 #639
Comments
|
starting |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
https://github.com/getcouragenow/packages/blob/master/SECURITY.md
So for V2 its only the DB encrypted that is needed.
Is already audited. BadgerDB used by GraphQL. ?
See: https://dgraph.io/blog/post/encryption-at-rest-dgraph-badger/
Key Rotation
The user can change this schedule using the Options.WithEncryptionKeyRotationDuration
“badger rotate --dir=badger_dir --old-key-path=old/path --new-key-path=new/path”
We need Streaming ?
In order to immediately encrypt all of an existing Badger datastore, you should:
Export your Badger datastore
Start a new instance of Badger with encryption enabled
Import your data into the new Badger datastore.
This can be done using badger backup and badger restore tools already available. Otherwise, a simple tool could be written using Stream Framework and StreamWriter interface to allow this to happen without exporting and with a stunning 1.6Gbps throughput.
Code for all this is here !
https://github.com/dgraph-io/badger/tree/master/badger/cmd
https://github.com/dgraph-io/dgraph/tree/master/dgraph/cmd/cert
We also need backup and restore
So lets back all this into the sys-core CLI !!
The text was updated successfully, but these errors were encountered: