Client side encryption support for remote storage #468
@hifi Any objections to upgrading to |
return nil, err | ||
} | ||
|
||
r.AgeIdentities = append(r.AgeIdentities, identities...) |
Why the `append()` instead of just assigning the `identities`? Same goes for the `recipients` below.
`age.ParseIdentities` and `age.ParseRecipients` work with NL terminated lists and in the config format I chose to use real YAML lists instead of a multi line string to store them, hence need to loop and append them when parsed one by one.
If preferred I can change both to `string` from `[]string`, then it's just an assignment.
Ah, sorry, I misread it. Yeah, that's fine. 👍
// Encryption identities and recipients | ||
AgeIdentities []age.Identity | ||
AgeRecipients []age.Recipient |
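Review bot: the comment above `AgeIdentities` and `AgeRecipients` does not say which field is used in which direction. In age, recipients are the public keys that data is encrypted to and identities are the private keys that decrypt it, so a per-field doc comment stating which one is needed when writing to a replica and which one when restoring would prevent the two from being swapped in configuration.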
I don't mind the stutter as much on the struct here. Mostly just the config.
replica.go
Outdated
// We need to ensure the pipe is closed. | ||
defer pw.Close() |
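Review bot: `defer pw.Close()` always ends the stream with a plain EOF, so if the writing side fails part way through, the reader cannot tell a truncated stream from a complete one. Consider calling `pw.CloseWithError(err)` on the error paths before returning, and extend the comment to say why the close is needed rather than only that it is.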
This seems like it should go at the start of this anonymous function rather than in this `if` block.
Indeed. It wasn't a problem with the compressor that the pipe wasn't closed but with age the last chunk was cut off so I if guarded it. Shouldn't be a problem it's deferred at the beginning.
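The failure discussed in this thread (the last chunk cut off when the pipe is closed without closing the wrapping writer), as an added example that is not code from this pull request. It uses only the Go standard library: `gzip.Writer` stands in, as an assumption, for age's encrypting `io.WriteCloser`, since both emit their final chunk only on `Close`; `streamThroughPipe` and `report` are hypothetical names.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
)

// streamThroughPipe pushes payload through a chunked wrapper into an io.Pipe
// and returns what the reading side recovers. Assumption: gzip.Writer stands
// in for age's encrypting io.WriteCloser; both hold back their final chunk
// until Close is called.
func streamThroughPipe(payload []byte, closeWrapper bool) ([]byte, error) {
	pr, pw := io.Pipe()
	defer pr.Close() // unblocks the writer goroutine if we return early
	go func() {
		// Deferred first so it runs last, on every return path. Without it
		// the reader would block forever waiting for more data.
		defer pw.Close()
		zw := gzip.NewWriter(pw)
		if _, err := zw.Write(payload); err != nil {
			pw.CloseWithError(err) // first error wins over the deferred Close
			return
		}
		if !closeWrapper {
			return // failure mode: pipe closed, final chunk never flushed
		}
		if err := zw.Close(); err != nil {
			pw.CloseWithError(err)
		}
	}()
	zr, err := gzip.NewReader(pr)
	if err != nil {
		return nil, err
	}
	return io.ReadAll(zr)
}

// report runs both variants on a constructed payload and summarises them.
func report() string {
	payload := bytes.Repeat([]byte("constructed WAL frame "), 50000)
	full, errFull := streamThroughPipe(payload, true)
	cut, errCut := streamThroughPipe(payload, false)
	return fmt.Sprintf("wrapper closed: %d/%d bytes, err=%v\nwrapper left open: %d/%d bytes, err=%v\n",
		len(full), len(payload), errFull, len(cut), len(payload), errCut)
}

func main() { fmt.Print(report()) }
```

With the wrapper left open the reader gets a strict prefix of the payload and `io.ErrUnexpectedEOF`, which is the signal a restore path should treat as a corrupt replica file rather than a short one.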
0b4929f to f165958
f165958 to 6f495fa
Thanks, @hifi! Sorry for the delay.
I would love to use this feature; is it documented anywhere? I can't seem to find it...
@ixxie It's not yet in a final release so the website hasn't been updated. TL;DR for configuration using v0.3.10 beta if my memory serves right:

```yaml
dbs:
  - path: /path/to/database.sqlite3
    replicas:
      - type: file
        path: /path/to/backups
        age:
          identities:
            - <identity>
          recipients:
            - <recipient>
```

For how to generate age identities (private keys) and recipients (public keys), refer to the age documentation. Public keys are used for restore only and private keys are used for encryption only so it's possible to create a setup where a Litestream instance only encrypts with a public key but cannot restore from the destination on itself without giving it the private key.
Thanks for the clarification @hifi! Is there somewhere I can keep track of the release schedule?
As far as I know, the releases aren't on a schedule so they'll happen at their own pace.
I see, thanks @hifi!
Extremely simple Age wrapper that supports separate recipients and identities. Encrypts both snapshots and WAL files transparently. Technically possible to not have the private key at all if you never restore or do manual restores only.
You can migrate between encrypted/plain by adjusting the identities and recipients respectively but restoring will not work correctly if the remote files aren't encrypted when an identity is configured and vice versa so some care needs to be taken.
Intended use is to encrypt all data before sending out to a potentially untrusted storage provider.
This may conflict with #458 and fixes #88.