
Support content encryption within CentralDogma

Open jrhee17 opened this issue 3 years ago • 1 comments

Just wanted to float this idea with other maintainers.

We may want to support data encryption within central dogma so users can save sensitive data (and centraldogma can possibly also act as a backend for a KMS).

One idea I had was:

  • Users can register a key[s] when creating a repository.
  • The registered key[s] encrypt the content when stored.
  • Users send over a private key when reading/modifying content. Alternatively, the encrypted content could be fetched and decrypted using a user's private key locally.

Caveats:

  • Each file content would be encrypted, but the directory structure will still be visible
  • We should make sure that the encryption/decryption is performant since central dogma may host a large number of files with reasonable size (10MB~)
  • TBU...

jrhee17 avatar Nov 17 '22 07:11 jrhee17
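One way the per-file scheme proposed above could look, as an added example that is not part of the issue or of the Central Dogma code base. It assumes a hybrid design (a fresh AES-GCM key per file, wrapped with the repository's registered RSA public key), Java 17, and the hypothetical names `EnvelopeSketch` and `StoredFile`; the path stays in clear, as the first caveat notes, and is only authenticated.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

public class EnvelopeSketch {
    // Hypothetical stored form: the path is visible, only the content is encrypted.
    record StoredFile(String path, byte[] wrappedKey, byte[] iv, byte[] ciphertext) {}
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Storage side: needs only the public key registered for the repository.
    static StoredFile encrypt(String path, byte[] content, PublicKey repoKey) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();                     // fresh data key per file
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding"); // bulk cipher for large content
        aes.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(128, iv));
        aes.updateAAD(path.getBytes(StandardCharsets.UTF_8)); // bind the ciphertext to its path
        byte[] ct = aes.doFinal(content);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.WRAP_MODE, repoKey, OAEP);
        return new StoredFile(path, rsa.wrap(dek), iv, ct);
    }

    // Client side: the private key is used locally and never sent to the server.
    static byte[] decrypt(StoredFile f, PrivateKey userKey) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.UNWRAP_MODE, userKey, OAEP);
        SecretKey dek = (SecretKey) rsa.unwrap(f.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(128, f.iv()));
        aes.updateAAD(f.path().getBytes(StandardCharsets.UTF_8));
        return aes.doFinal(f.ciphertext()); // AEADBadTagException if content or path was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample content and path, not taken from any real repository.
        byte[] content = "{\"db.password\":\"constructed-sample\"}".getBytes(StandardCharsets.UTF_8);
        StoredFile stored = encrypt("/prod/secrets.json", content, kp.getPublic());
        System.out.println("visible path: " + stored.path());
        System.out.println("round trip ok: " + Arrays.equals(content, decrypt(stored, kp.getPrivate())));
    }
}
```

Supporting several registered keys would mean storing one wrapped copy of the data key per key, while the bulk ciphertext stays the same.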

Instead, we could consider encrypting the entire repository? https://git-annex.branchable.com/tips/fully_encrypted_git_repositories_with_gcrypt/

trustin avatar Feb 14 '23 02:02 trustin