Zero-knowledge server

[ageis]

This is a continuation of #16.
IMO the practices outlined in are not necessarily reassuring.

All commands are stored in a non-relational database that is encrypted at rest using storage level encryption via LUKS.
No Bashhub maintainer ever accesses commands unless required for support reasons. When working to support issues we do our best to respect your privacy as much as possible and only access what's needed to resolve an issue.

I recommend implementing a zero-knowledge database solution, where the server possesses ciphertext yet no ability to decrypt it. Only clients should be able to decrypt.

See: https://gist.github.com/thiloplanz/e1136a04b26c138c8225 for some initial suggestions. That includes CryptDB (GitHub).

[rcaloras]

@ageis appreciate the feedback and thanks for checking out Bashhub. In your recommended implementation, there's no way to support text search correct? Searching for commands would have to be done entirely client side?

Rather than implementing a zero knowledge database solution that would trade features and quality, the community has generally advocated for a an open source version of the server to run personal instances. I'm currently developing an open source version of the server to support this.

[rcaloras]

Closing for now as I believe this feedback is already being tracked by #22. Thanks for the Feedback @ageis!