Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for encrypting user metadata used by Sync. #1100

Merged
merged 13 commits into from
Nov 9, 2022
Merged

Add support for encrypting user metadata used by Sync. #1100

merged 13 commits into from
Nov 9, 2022

Conversation

elle-j
Copy link
Contributor

@elle-j elle-j commented Nov 1, 2022

Description

Closes #413.

Users can encrypt user metadata via AppConfiguration.Builder.encryptionKey() and access their encryption key via AppConfiguration.encryptionKey.

TODO

  • Changelog entry
  • Tests (if applicable)

@cla-bot cla-bot bot added the cla: yes label Nov 1, 2022
cmelchior
cmelchior suggested changes Nov 1, 2022
View reviewed changes
Copy link
Contributor

@cmelchior cmelchior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really nice. Only thing missing seem to be a test verifying that we actually encrypt the metadata realm.

...c/src/androidAndroidTest/kotlin/io/realm/kotlin/test/mongodb/shared/AppConfigurationTests.kt Outdated Show resolved Hide resolved
...c/src/androidAndroidTest/kotlin/io/realm/kotlin/test/mongodb/shared/AppConfigurationTests.kt Outdated Show resolved Hide resolved
cmelchior
cmelchior approved these changes Nov 4, 2022
View reviewed changes
Copy link
Contributor

@cmelchior cmelchior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I only have one smaller comment around the test and it needs to parse CI, but otherwise this looks ready to merge 👍

packages/library-sync/src/commonMain/kotlin/io/realm/kotlin/mongodb/AppConfiguration.kt Show resolved Hide resolved
...ages/test-sync/src/androidAndroidTest/kotlin/io/realm/kotlin/test/mongodb/shared/AppTests.kt Outdated Show resolved Hide resolved
...ages/test-sync/src/androidAndroidTest/kotlin/io/realm/kotlin/test/mongodb/shared/AppTests.kt Show resolved Hide resolved
...ages/test-sync/src/androidAndroidTest/kotlin/io/realm/kotlin/test/mongodb/shared/AppTests.kt Outdated Show resolved Hide resolved
clementetb
clementetb approved these changes Nov 8, 2022
View reviewed changes
Copy link
Contributor

@clementetb clementetb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great 🚀

.../library-sync/src/commonMain/kotlin/io/realm/kotlin/mongodb/internal/AppConfigurationImpl.kt
public class AppConfigurationImpl constructor(
override val appId: String,
override val baseUrl: String = DEFAULT_BASE_URL,
override val encryptionKey: ByteArray?,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we keep a copy of the encryption key at SDK level? I think that we should not keep any copy, as they should be safely stored by the user or core.

RealmConfiguration also stores a copy. For that case we have a core function to retrieve the key, that would help testing, but we lack of such function for the metadata encryption key.

We could address this in another PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, this is a bit of a smell, but I wouldn't consider it a big deal, since if you have access to read the memory where this key resides, you also have access to the open Realm and can just ask Core for the data.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting points. Currently, however, the exposed core function realm_config_get_encryption_key (not for metadata) is not used in any configuration class. The actual functions are implemented but yes, a copy is still being stored.

cmelchior
cmelchior approved these changes Nov 8, 2022
View reviewed changes
Copy link
Contributor

@cmelchior cmelchior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 🚀

@elle-j elle-j merged commit 01f9198 into master Nov 9, 2022
@elle-j elle-j deleted the lj/app-config-encryption branch November 9, 2022 08:59
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nhachicha nhachicha nhachicha left review comments

@cmelchior cmelchior cmelchior approved these changes

@clementetb clementetb clementetb approved these changes

@edualonso edualonso Awaiting requested review from edualonso

@rorbech rorbech Awaiting requested review from rorbech

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AppConfiguration - encryptionKey
4 participants
@elle-j @cmelchior @nhachicha @clementetb