
Encrypt stored API tokens

Open Adamsmith6300 opened this issue 8 months ago • 6 comments

Various tokens are stored when setting up connectors that I think should be encrypted for better security.

Adamsmith6300 avatar Apr 15 '25 17:04 Adamsmith6300

Exactly, storing them in plain text will also raise compliance issues in the future. What solution are you thinking of for this?

My solution: I was just going to use this https://github.com/MODSetter/SurfSense/blob/2b7a1b10824818105b0a5850480841fc3677ac8c/surfsense_backend/.env.example#L3 as the secret key and just write a class for encryption/decryption.

MODSetter avatar Apr 15 '25 19:04 MODSetter

Yup, exactly. That should work for users locally. Ideally we should eventually add some secrets management integration to store and retrieve the secrets, particularly for your deployed version of SurfSense.

We can use a Python package like 'cryptography' to encrypt and decrypt the tokens.

Adamsmith6300 avatar Apr 15 '25 21:04 Adamsmith6300
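
The approach discussed in the two comments above (an application secret from the environment plus a small encryption/decryption class built on the `cryptography` package), sketched as an added example that is not code from the SurfSense project or from either commenter. The `TokenCipher` class, the `enc:v1:` prefix and the sample secret and token are hypothetical names and constructed values; the secret is assumed to be a long random string.

```python
import base64

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

PREFIX = "enc:v1:"  # marks values that are already encrypted (hypothetical format)


class TokenCipher:
    """Encrypts connector tokens before they are written to the database."""

    def __init__(self, app_secret: str):
        # Assumption: app_secret is a long random string from the environment.
        # HKDF turns it into the 32 bytes Fernet needs and binds the key to
        # this one purpose; a human-chosen password would need scrypt instead.
        key = HKDF(
            algorithm=hashes.SHA256(),
            length=32,
            salt=None,
            info=b"connector-token-encryption",
        ).derive(app_secret.encode())
        self._fernet = Fernet(base64.urlsafe_b64encode(key))

    def encrypt(self, token: str) -> str:
        if token.startswith(PREFIX):  # idempotent: safe to re-run a migration
            return token
        return PREFIX + self._fernet.encrypt(token.encode()).decode()

    def decrypt(self, stored: str) -> str:
        if not stored.startswith(PREFIX):  # legacy plaintext row, not yet migrated
            return stored
        try:
            return self._fernet.decrypt(stored[len(PREFIX):].encode()).decode()
        except InvalidToken:
            raise ValueError("token was modified or encrypted under another secret") from None


def demo():
    # Constructed sample values, not real credentials.
    cipher = TokenCipher("constructed-sample-secret-0123456789abcdef")
    stored = cipher.encrypt("xoxb-constructed-sample-token")
    return stored, cipher.decrypt(stored)


if __name__ == "__main__":
    print(demo())
```

Fernet authenticates the ciphertext, so a row edited in the database or decrypted under a different secret fails loudly instead of yielding garbage; changing the application secret therefore requires re-encrypting the stored tokens.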

Currently, only the frontend is online, so there's no need to add a secret manager for now. I plan to deploy this online after 6-7 weeks.

Let me know if you want to try the implementation or want me to take it.

MODSetter avatar Apr 16 '25 01:04 MODSetter

Ahhh ok cool. Yes I'll take a stab at it. You mean encrypting the tokens or deploying the backend?

Adamsmith6300 avatar Apr 16 '25 01:04 Adamsmith6300

> Ahhh ok cool. Yes I'll take a stab at it. You mean encrypting the tokens or deploying the backend?

I mean let's implement encryption/decryption of tokens for now.

Deployment is still a few months away so will add a secret manager then if needed.

MODSetter avatar Apr 16 '25 01:04 MODSetter

Ok perfect, yeah I'll handle this.

Adamsmith6300 avatar Apr 16 '25 01:04 Adamsmith6300