|
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 |
- # Encryption
-
- ## Database
- Bubble supports column-level encryption. Columns are encrypted with a symmetric key defined by the `BUBBLE_DB_ENCRYPTION_KEY`
- environment variable, set in the [Bubble environment file](env_file.md).
-
- ### Rekeying the Database
- Rekeying the database means to change the encryption key. This is accomplished by setting up a second, empty database and
- then running a "rekey" command that reads all data from a source database using that database's encryption key, then writing
- all the data into the new empty database using a new encryption key.
-
- * Stop the Bubble API server
- * Backup the Bubble database
-
- `pg_dump -U bubble bubble | gzip > /path/to/backup.tgz`
- * Create a new PostgreSQL database with the same schema as the source database, but no data, for example, if the source database is named `bubble` and the destination database is named `new_bubble`, you would run:
-
- `createdb new_bubble && pg_dump --schema-only -U bubble bubble | psql -U bubble new_bubble`
- * Run the rekey command to read all data from the source database, and write to the destination database:
-
- ```code
- ./bubble/bin/bubble rekey \
- --jar ${BUBBLE_JAR} \
- --db-user ${DB_USER} \
- --db-password "${DB_PASS}" \
- --from-db ${FROM_DB} \
- --from-key "${FROM_KEY}" \
- --to-db ${TO_DB} \
- --to-key "${TO_KEY}"
-
- The shell variables above are:
- BUBBLE_JAR : path to the Bubble API JAR file
- DB_USER : name of the PostgreSQL user, usually bubble
- DB_PASS : password for the PostgreSQL user. To use an env var, prefix with @, for example @PGPASSWORD
- FROM_DB : name of the source database, typically bubble
- FROM_KEY : encryption key for the source database (or env var if prefixed with @), typically @BUBBLE_DB_ENCRYPTION_KEY
- TO_DB : name of the destination database, for example new_bubble
- TO_KEY : encryption key for the destination database
- ```
-
- * The rekeying is now complete. Drop the old database, and rename the new database. You may need to become the postgres user to run these commands.
-
- `dropdb bubble && psql -c 'ALTER DATABASE new_bubble RENAME TO bubble'`
-
- * Restart the Bubble API server
-
- ## Redis
- Redis values are encrypted with a symmetric key, defined by the `BUBBLE_REDIS_ENCRYPTION_KEY` environment variable,
- set in the [Bubble environment file](env_file.md).
-
- ### Rekeying Redis
- Because only temporary data is stored in redis, there is a very simple rekey procedure:
-
- * Stop the Bubble API server
- * Flush all Redis data: `redis-cli flushall` OR `echo flushall | nc 127.0.0.1 6379`
- * Set a new encryption key (set a new value for `BUBBLE_REDIS_ENCRYPTION_KEY` in the bubble env file)
- * Restart the Bubble API server
-
- ## Cloud Storage
- All data stored in cloud storage (which include backups) is encrypted locally using a key that is specific to that
- particular cloud storage. The key is generated automatically prior to first use.
-
- If an upstream Sage Node is providing access to the cloud storage, it will not be able to see any of the data being read or written.
- The file names or "keys" to the data itself are not encrypted, so these names would be visible to the Sage.
- Bubble does not include any sensitive information in filenames stored in cloud storage.
-
- ### Rekeying Cloud Storage
- To rekey cloud storage, one would create a new cloud storage service with a different prefix path, then copy all the data
- from the old service to the new service, then delete all the data stored via the old service.
-
- TODO: document the procedure for rekeying a cloud storage service
|