add encryption to Hook.datastore and Hook.env data

[Marak]

All user-stored data through the datastore and hook environment variables should be encrypted automatically.

While there is currently a role check for access to this data, ideally it should be encrypted to protect the privacy of our users.

The keys for this data will be stored as part of the separately encrypted configuration file.

[Marak]

@joshgillies

Do you have any time to work on this issue along with #114 ?

This would be a potential good first task to get started on for contribution to the project.

How many hours would you estimate it would take for you to complete #108 and #114 ?

[joshgillies]

@Marak

Sure, I'll dive in and see what the deal is here.

An estimate of hrs at this stage is tricky given I'm still not entirely across the code base, so some direction as to where to start would be appreciated.

That being said, adding encryption isn't much of a challenge, so once I know where the changes need to be made I'll likely be able to get a PR together for #108 with relative ease.

Once that's in place I'll focus on #114. :smile:

[Marak]

@joshgillies -

Sounds good.

I think a good approach might be creating a new encryption resource which exposes a generic encrypt and de-crypt method.

From here, we can utilize the resource library's .before() and .after() method hook functionality. Here is a working example of how we are doing it for user passwords: https://github.com/bigcompany/user/blob/master/index.js#L34

The idea would be that before any saves to the datasource, we encrypt. Anytime we retrieve encrypted data, it will attempt to decrypt. By placing before and after encryption hooks on our data access layer, we ensure that a developer doesn't accidentally expose data in the future. It also keeps our core API cleaner.

Would recommend first building the stand-alone encryption resource and review from there.