Encrypt user data at rest #129
Blocks
#175 Replace andromeda.kosmos.org
kosmos/chef
Reference: kosmos/chef#129
First thing that comes to mind is the ejabberd database, which contains lots of metadata, even if the contents of personal communications are encrypted.
Sovereign uses EncFS for this, and I think that's actually a pretty good idea. Also supposedly faster with HDDs (which we use on Andromeda for example).
https://github.com/vgough/encfs
Good idea. We might want to compare it with eCryptfs and other solutions.
Regarding eCryptfs, that's what I meant with faster on HDDs, but didn't explain in detail:
https://github.com/vgough/encfs#fast-on-classical-hdds
Closing this issue now. We have implemented a cookbook for this, which is already being used on the new servers. And every service we migrate to one of the new machines (which will be all of them soon) will use encrypted directories for all user data.