zero icon indicating copy to clipboard operation
zero copied to clipboard
verified publisher icon commitdev

Add support and documentation for mulitple layers of encryption

Open bmonkman opened this issue 5 years ago • 0 comments

Document the encryption we enable by default (including pros and cons):

  • S3 bucket encryption
  • Database encryption through RDS
  • Password encryption provided by Kratos if applicable (related to #206)
  • TLS Certificates on public-facing load balancers

Add backend support and documentation for new features:

  • Ad-hoc symmetric encryption through KMS (including library support for backend languages)
  • Probably too much effort for now but at some point it might be nice to integrate vault.
  • At some point, look into a service mesh w/sidecar to be able to support full end-to-end encryption even inside the VPC
    • Maybe investigate sidecar TLS proxies as a light-weight way to do it before going all the way to service mesh.
    • Could investigate using the Consul Connect Injector in k8s to add sidecars, though it would require a consul cluster running in k8s.

bmonkman avatar Aug 18 '20 21:08 bmonkman