Draft: Encrypt messages in db - Fernet
Encrypt chat messages using Fernet.
Review instructions
To run all the code in migrations you should first have some messages in your database before trying to run the db migrations.
Eg:
git checkout master
make db-reset
YLITSE_NEW_MESSAGES=10000 YLITSE_NEW_PASSWORD=... YLITSE_MENTOR_USERNAME=mentor10k YLITSE_MENTEE_USERNAME=mentee10k ./generate_random_messages.py
Then change the branch.
git checkout ahto/msg-crypt-fernet
Make sure you have an encryption key in your config file. To generate new key you can run:
make --no-print-directory generate-key > ~/.config/ylitse/ylitse.key
echo "encryption_key_file: $(readlink -f ~/.config/ylitse/ylitse.key)" >> ~/.config/ylitse/ylitse.conf
Then run migrations. During migration all messages are encrypted.
make db-upgrade-head
To run the rollback that will decrypt all messages in db, you can run
alembic downgrade -1
Edited by Ahto Jussila