The application we are developing will be used to store ultra-sensitive information. I am looking at “best in class” data encryption schemes, for example, this whitepaper from Dashlane, a system used to store credentials:
For the “authentication” item on the 2018 roadmap, are there any plans to also support encryption of the data on disk?
2 Likes
Wanted to add a couple more comments as the above may have been a bit vague.
If the goal is to encrypt data “at rest” and also protect against dgraph software ever being compromised, encryption of dgraph data could live entirely in userland. All data can be encrypted / decrypted on the client side and stored / retrieved from dgraph in that encrypted state. The biggest problem with this is that without some clever tricks (not sure what these would be), I think the only usable indexes would be exact, hash, and count indexes, since other index types rely on dgraph being able to read underlying plaintext values.
If this approach is taken by an app, a Dgraph auth feature may not be needed at all, as access to keys to decrypt values in subdivisions of the database can be managed in the application layer.
1 Like