Hi,
I want to store user’s sensitive information to the Dgraph. It could be login credentials, email (in some use case) , card details etc.
Does Dgraph provides any support to encrypt and decrypt few of the attributes?
And if yes then can I also search on that value (emails) ?
Thanks
Hi Sanjay,
A few things may help.
Dgraph has an enterprise edition which encrypts data on disk, so someone with root access on the machine cannot read the data - only Dgraph queries would access the data.
The enterprise addition also has ACLs, which lock down fields using roles in JWT tokens. In that approach, you would lock down the email property by requiring some role to be present for the user (e.g. name this PII-reader, or admingroup etc.).
With those two, only someone with the right token can see emails, but others can query the DB and they will not see any emails.
Without the enterprise edition, you can encrypt the email and store the encrypted value. You can search it for the full encrypted text, but cannot search it for specific tokens, words, or regex values, since it is encrypted text, not searchable. Of course you would also have to decrypt in the client layer.