Sys-Core: Badger DB encryption at rest needed for V2 #639
Description
https://github.com/getcouragenow/packages/blob/master/SECURITY.md
So for V2 its only the DB encrypted that is needed.
Is already audited. BadgerDB used by GraphQL. ?
See: https://dgraph.io/blog/post/encryption-at-rest-dgraph-badger/
Key Rotation
The user can change this schedule using the Options.WithEncryptionKeyRotationDuration
“badger rotate --dir=badger_dir --old-key-path=old/path --new-key-path=new/path”
We need Streaming ?
In order to immediately encrypt all of an existing Badger datastore, you should:
Export your Badger datastore
Start a new instance of Badger with encryption enabled
Import your data into the new Badger datastore.
This can be done using badger backup and badger restore tools already available. Otherwise, a simple tool could be written using Stream Framework and StreamWriter interface to allow this to happen without exporting and with a stunning 1.6Gbps throughput.
Code for all this is here !
https://github.com/dgraph-io/badger/tree/master/badger/cmd
https://github.com/dgraph-io/dgraph/tree/master/dgraph/cmd/cert
- Looks like MTL certs gen. Nice
We also need backup and restore
So lets back all this into the sys-core CLI !!