Stream: hapi
Topic: DB encryption (TDE / at rest)
Jose Costa Teixeira (Feb 28 2022 at 20:48):
I'm asked whether/how HAPI can be used on an encrypted PostgreSQL DB and if there is any knowledge or specific requirements about setting up that encryption.
Jose Costa Teixeira (Feb 28 2022 at 20:48):
Does anyone have any pointers?
Jose Costa Teixeira (Feb 28 2022 at 20:50):
the goal is, I guess, the "plat du jour":
To allow that no user gets access to unencrypted data, only hapi. Even if they steal the HDD with the DB in it and they know an admin password.
Patrick Werner (Feb 28 2022 at 21:24):
I would go with encryption on the FS layer (e.g. encrypted ZFS pools) to store the postgres & lucene/elasticsearch data.
Patrick Werner (Feb 28 2022 at 21:26):
you also could use ssl-mode on the jdbc driver to encrypt the transport: hapi <-> DB
Last updated: Apr 12 2022 at 19:14 UTC