Privacy suggestion
I'd like to be extra cautious with my users' privacy, and I'd like to encrypt their PII in the database. What is the recommended way to do that?
It looks like Vault is more for secret keys and not for customer data.
On previous projects I've used pgp_sym_decrypt and pgp_sym_encrypt.
Is this still a valid/recommended approach?
By the way, it would be ideal if the emails stored in the Auth system would ALSO be encrypted. Is this possible?
Thanks!
It is not possible to encrypt the emails in auth.
What are you trying to protect from? With any serverside encryption you or your staff can see all the data if you really want to.
I believe pgcrypto is the only method available now.
trying to protect from my supabase account getting hacked and someone dumping the DB
If they have access to your account and you encrypt serverside they can just decrypt it. Vault stores the secret off of the DB so if someone does a dump or back up they don't get the key.
But Vault is not recommended for user info, and you can't encrypt auth schema columns.
i figured emails in auth could not be encrypted... that's why i said "ideal". But not a deal breaker... emails already get hacked all the time. 😅
As long as I can encrypt everything else (name, address, etc) it should be safe enough.
just trying to separate risk as much as I can... if I encrypt on the server side and just store the encrypted data, and someone hacks into my supabase account how could they decrypt the data? If the keys to decrypt are not there?
Where are the keys?
speaking out loud, sounds like I shouldn't even use pgcrypto, as that would require sending the password in the queries
just encrypt everything server side and send over to supabase the already encrypted data
Yes that is more "client" side encryption to Supabase.
client as in something communicating with supabase, right? not client side (browser)
so, a server using nodejs you are considering as client?
Just can't use the data in queries.
I'm just saying client in the context of REST API calls coming from there. Not browser or end user.
Supabase does not know anything about the encryption you are doing before you call supabase-js.
yes... aware. PII is not something to be used in queries anyway...
for an address for example, thinking about encrypting address line, but leaving country unencrypted (for analytics)
should be safe enough to preserve privacy, but still usable for the system
Sounds good.
alright, thanks for the input!