-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Doc encryption with symmetric key #2731
feat: Doc encryption with symmetric key #2731
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I think you're going in the right direction. I have 2 main critiques at this stage. The first, as mentioned in an other comment, is the passing of a key on document create. I think we should avoid doing this and let Defra create a new key when needed. The second is the use of the context for the encryption key and store. It feels like it's making it more complex than it needs to be. We can discuss it some more in the standup or in a separate call if you want.
49fa643
to
045d85a
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #2731 +/- ##
===========================================
- Coverage 78.99% 78.69% -0.30%
===========================================
Files 315 318 +3
Lines 23873 24128 +255
===========================================
+ Hits 18858 18987 +129
- Misses 3649 3772 +123
- Partials 1366 1369 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
... and 12 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
45fe582
to
b66171a
Compare
a21c890
to
fd6893b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Just a few small things to clear up.
d8bff10
to
87574dc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Part way through my review but need to get some food - looks good so far :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good, just a handful of smaller comments for you before merge :)
internal/planner/create.go
Outdated
if len(n.docs) == 1 { | ||
err = n.collection.Create(n.p.ctx, n.docs[0]) | ||
} else { | ||
err = n.collection.CreateMany(n.p.ctx, n.docs) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
todo: I do disagree with creating docs in Start
- it feels like it is very much in the wrong place and may trip us up in the future (if not by being technically annoying for some future change, it seems likely to cause 'surprise').
Please either move this call into Next
, or discuss in in discord/standup (for greater visibility).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand your concern. I had similar feelings but thought it was highly unlikely and having a nicer code was worth it. If you think otherwise, I will move it to Next
. No problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Islam, sorry about the bother, and I understand it is a bit 'abstract' in this case, but I do think it is in the wrong place atm. Ideally we would remove the Start/Init funcs anyway, and conceptually I very much think the 'creating' part of a 'create' iterator should be done in the iteration funcs (next/value).
@@ -103,6 +103,8 @@ type Block struct { | |||
Delta crdt.CRDT | |||
// Links are the links to other blocks in the DAG. | |||
Links []DAGLink | |||
// IsEncrypted is a flag that indicates if the block's delta is encrypted. | |||
IsEncrypted *bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
todo: Please don't use a pointer for a boolean, it feels very wasteful and confusing - suggesting that it's pointerness may be used for odd mutation reasons. If you want it to be optional, please use immutable.Option
instead, it is much cheaper, less confusing, and wont contribute to GC pressure.
If you have a very specific reason for using a pointer here, please document it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
documented
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM Islam :) And thanks for the random little cleanups you made along the way :)
Relevant issue(s)
Resolves #2711 #2808
Description
This change introduces doc encryption. Upon creation of a document the user can pass the encryption flag which will signal to db to create a new symmetric key using AES-GCM and will store it locally.
With the encryption flag all doc fields (deltas) being stored in the DAG encrypted. The datastore will still store data as plain text, as for it's encryption we can use encryption-at-rest.
Decryption is not used at the moment, as it is relevant only p2p environment and we don't have yet key exchange mechanism. All peers sync encrypted data.
This PR also adds 2 new parameters to GraphQL
create_
mutation:inputs
: a list of documents to be createdencrypt
: flag that indicates if document(s) need to be encrypted.