Roundup Tracker - Issues

Issue 2551314

Support encrypted databases (sqlite and possibly others)
Type: rfe Severity: normal
Components: Database Versions:
Status: new
: : rouilj
Priority: :

Created on 2024-02-11 22:57 by rouilj, last changed 2024-02-11 22:57 by rouilj.

msg7938 Author: [hidden] (rouilj) Date: 2024-02-11 22:57
In a discussion last week, I was asked if the Roundup db could provide encryption at rest.
The attack mode was a user who could copy the db files. They already use full disk
encryption but it is not a solution to this threat profile. I stated that was not a
use case for Roundup. They ran both PostgreSQL and MariaDB.

However it looks like sqlite could support it. does AES256 encryption (similar to SEE) and does have
an open source implementation. It also has a DBI 2 python library

Native SQLite has the SEE sqlite encryption extension. Which is supported by the maker
of SQLite, but is a paid addon. AFAICT there is no python module for it.

MySQL/MariaDB has transparent data encryption, but I have no idea how to manage that
from Python. PostgreSQL does have some patches and commercial solutions for disk DB
encryption, but again no obvious python support. There is public function to encrypt
columns, but again python support is a question There is a django-pycrypto
module that looks like it django's solution to this. Obviously for this to
be useful SSL/TLS connections to the db server would also be needed.
Date User Action Args
2024-02-11 22:57:50rouiljcreate