Draft: Encrypt messages in db - Fernet

Ahto Jussila requested to merge ahto/msg-crypt-fernet into master

Encrypt chat messages using Fernet.

Review instructions

To run all the code in migrations you should first have some messages in your database before trying to run the db migrations.

E.g.:

git checkout master
make db-reset
YLITSE_NEW_MESSAGES=10000 YLITSE_NEW_PASSWORD=... YLITSE_MENTOR_USERNAME=mentor10k YLITSE_MENTEE_USERNAME=mentee10k ./generate_random_messages.py

Then change the branch.

git checkout ahto/msg-crypt-fernet

Make sure you have an encryption key in your config file. To generate a new key you can run:

make --no-print-directory generate-key > ~/.config/ylitse/ylitse.key
echo "encryption_key_file: $(readlink -f ~/.config/ylitse/ylitse.key)" >> ~/.config/ylitse/ylitse.conf 

Then run migrations. During migration all messages are encrypted.

make db-upgrade-head

To run the rollback that will decrypt all messages in the db, you can run:

alembic downgrade -1
Edited by Ahto Jussila
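
A check a reviewer could run over message contents after `make db-upgrade-head` to confirm that no row was left in plaintext or encrypted under a different key. It is an added example, not code from this merge request: it verifies the Fernet token layout and HMAC with the standard library only, without decrypting. How rows are read from the ylitse database is not shown on this page, so the `(id, content)` pairs, the key and all function names below are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

VERSION = 0x80        # first byte of every Fernet token
HEADER = 1 + 8 + 16   # version + timestamp + IV
TAG = 32              # HMAC-SHA256 length

def load_signing_key(key_b64: str) -> bytes:
    """A Fernet key decodes to 32 bytes: the first 16 sign, the last 16 encrypt."""
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return key[:16]

def is_fernet_token(value: str, signing_key: bytes) -> bool:
    """True if value is a well-formed token authenticated by signing_key."""
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except (binascii.Error, ValueError):
        return False
    body, tag = raw[:-TAG], raw[-TAG:]
    # Need at least one AES block of ciphertext, whole blocks only.
    if len(raw) < HEADER + 16 + TAG or (len(body) - HEADER) % 16 or raw[0] != VERSION:
        return False
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def rows_failing_check(rows, signing_key):
    """Return ids of rows whose content is not a token under this key."""
    return [rid for rid, content in rows if not is_fernet_token(content, signing_key)]

def make_sample_token(signing_key: bytes, ciphertext: bytes) -> str:
    """Constructed test input: correct layout and MAC, placeholder ciphertext."""
    body = bytes([VERSION]) + (0).to_bytes(8, "big") + bytes(16) + ciphertext
    mac = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac).decode()

# Constructed keys and rows, not taken from the project.
SIGNING = load_signing_key(base64.urlsafe_b64encode(bytes(range(32))).decode())
OTHER = load_signing_key(base64.urlsafe_b64encode(bytes(32)).decode())
ROWS = [
    (1, make_sample_token(SIGNING, b"\x11" * 32)),
    (2, "hello, this message was never encrypted"),
    (3, make_sample_token(OTHER, b"\x22" * 16)),  # token under another key
]

if __name__ == "__main__":
    print("rows failing the check:", rows_failing_check(ROWS, SIGNING))
```

After `alembic downgrade -1` the expectation inverts: every row should fail the check, since the contents are plaintext again.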