Encrypting data at rest

(dhyasama) #1

For a variety of reasons I’d like to encrypt all data at rest in our private financial forum. What are the options and issues?

At the database level, common approaches are column-specific, whole database, and whole disk. Are any of these possible with Discourse? If so, what are the pros and cons?

For attachments, I’m uploading to S3 and plan to turn on server-side S3 encryption which should be transparent to Discourse. Has anyone tried this yet?

(Sam Saffron) #2

I would recommend

  1. Disabling S3 and handling all data yourself
  2. Enabling full disk encryption on your linux server

I would strongly recommend not trying to hack the app to support this edge case, it's a solved problem.

(Jeff Atwood) #3

Option #3 there, to enable Postgres encryption, is also a good possibility. But doesn’t cover uploads, images, or attachments of course… only things stored in the database, which is most stuff in Discourse.

(Sam Saffron) #4

That is basically #2

Data Partition Encryption
On Linux, encryption can be layered on top of a file system mount using a “loopback device”. This allows an entire file system partition to be encrypted on disk, and decrypted by the operating system. On FreeBSD, the equivalent facility is called GEOM Based Disk Encryption, or gbde.

This mechanism prevents unencrypted data from being read from the drives if the drives or the entire computer is stolen. This does not protect against attacks while the file system is mounted, because when mounted, the operating system provides an unencrypted view of the data. However, to mount the file system, you need some way for the encryption key to be passed to the operating system, and sometimes the key is stored somewhere on the host that mounts the disk.

The other option for encryption is not applicable

Encryption For Specific Columns requires application-level changes

(Jeff Atwood) #5

Oh wow Postgres doesn’t offer table level encryption?

(Sam Saffron) #6

yeah you would need to do it column by column, but the general approach is just to do this at filesystem level. simpler.
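The column-by-column approach mentioned above, as an added example that is not code from the thread or from Discourse. It uses PostgreSQL's pgcrypto extension; the table, column names, the sample IBAN value and the passphrase are all hypothetical placeholders, and `\set` / `:'key'` are psql script conventions for supplying the key:

```sql
-- Added example: column-level encryption with pgcrypto (PostgreSQL contrib).
-- Not part of the thread; table and values are constructed placeholders.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- psql variable standing in for the secret the application would pass
-- as a bind parameter. PLACEHOLDER value, not a real key.
\set key 'PLACEHOLDER-PASSPHRASE'

CREATE TABLE member_bank_details (
    id        serial  PRIMARY KEY,
    user_id   integer NOT NULL,
    iban_enc  bytea   NOT NULL   -- ciphertext only; plaintext is never stored
);

-- Writes: the application encrypts before the row reaches the table.
-- Sample IBAN is a constructed dummy value.
INSERT INTO member_bank_details (user_id, iban_enc)
VALUES (42, pgp_sym_encrypt('DE00 0000 0000 0000 0000 00', :'key'));

-- Reads: a plain SELECT returns only bytea ciphertext; every consumer
-- must decrypt explicitly with the same key.
SELECT user_id,
       pgp_sym_decrypt(iban_enc, :'key') AS iban
FROM   member_bank_details
WHERE  user_id = 42;

-- What a reader without the key sees: opaque bytes, no usable value.
SELECT user_id, iban_enc FROM member_bank_details WHERE user_id = 42;
```

The practical consequences are what make this "application-level work": the key travels through every INSERT and SELECT (so it can land in statement logs or pg_stat_statements unless it is passed as a parameter and logging is tuned), the column cannot be indexed or searched by value, and any ORM code that touches the column has to be changed. Full disk encryption has none of these constraints, which is why the thread recommends it.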

(dhyasama) #7

Relevant article for AWS users: