Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow encrypted sensitive mappings #997

Open
rbino opened this issue Oct 2, 2024 · 0 comments
Open

Allow encrypted sensitive mappings #997

rbino opened this issue Oct 2, 2024 · 0 comments

Comments

@rbino
Copy link
Collaborator

rbino commented Oct 2, 2024
edited
Loading

If Astarte needs to send some sensitive information to devices (e.g. credentials of some sort) it would be nice to have the ability to mark some mappings in an interface as sensitive.

This could potentially do some of these things:

  • Not save the value in the database (data is already encrypted during transmission, the problem is not having it encrypted at rest)
  • Have some kind of initial key exchange between the SDK and Astarte which determines a shared key that is used to encrypt the sensitive data
  • Use the device certificate (public key) to encrypt the data so that only the device can decrypt it with its private key

Each of the approaches above has its pros and cons, the implementation details have to be worked out if we ever decide to work on this feature
@rbino rbino changed the title Allow encrypted sensitive endpoints Allow encrypted sensitive mappings Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rbino