Encrypt uploaded files at rest in Azure with key per casa org

[compwron]

What type of user is this for? volunteer/supervisor/admin/all all / none

Description Encrypt uploaded files at rest in Azure with key per CASA org to prevent PG from having even theoretical data access to other CSA's files stored in PG's Azure account

We should talk this through with several securityish people before deciding how to build this... maybe we can bring in Betsy and Aaron?

I was chatting with Sean about the conversation we had about the active storage stuff and the worry of Ann Marie having access to the azure stuff stored by other groups. We found this gem https://github.com/ankane/lockbox looks like might be a good solution. Wondering what ya’ll think!

Screenshots of current behavior, if any n/a

QA Login Details: url: https://casa-qa.herokuapp.com/ password for all users: 123456

Log in using any of the below emails, depending on the account type you'd like to log in as.

• [email protected]
• [email protected]
• [email protected]