You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It could be fun to make it add initial basic crypto support to this project.
The way I imagine it working is that you would "tag" (with Proto extensions, perhaps?) some parts of models marked secret. It would be nice to keep this nicely "modular" and avoid having to "bake this into the core" of Enola.
The secret parts of any model would then be encrypted on the client (CLI, for now, Web, later) and stored "encrypted at rest" on the server (e.g. in the File System Repository), and could later be decrypted again on the client.
There are a bunch of pre-requisites for this, at least including:
enola put is missing, and it seems less fun without that
vorburger
changed the title
Initilal Cryptographic Support to have (some parts of) models en/de/crypted
Initial Cryptographic Support to have (some parts of) models en/de/crypted
Sep 29, 2023
Actually, decrypt: scheme specific part start should somehow include if what follows is an encrypted secret itself, or a delegated URL where to fetch one from.. e.g. decrypt:http://server/secret.pgp.
The "decrypted Form" of such secrets should use secret-token: (bearer) scheme, as per RFC 8959.
It could be fun to make it add initial basic crypto support to this project.
The way I imagine it working is that you would "tag" (with Proto extensions, perhaps?) some parts of models marked
secret
. It would be nice to keep this nicely "modular" and avoid having to "bake this into the core" of Enola.The
secret
parts of any model would then be encrypted on the client (CLI, for now, Web, later) and stored "encrypted at rest" on the server (e.g. in the File System Repository), and could later be decrypted again on the client.There are a bunch of pre-requisites for this, at least including:
enola put
is missing, and it seems less fun without thatenola --server
is missing, as the "flip side" of the (existing)enola server
[This was done in feat (cli): Introduce --server (still un-tested & un-documented) #300 and fix (cli): Download Descriptor Protos from Server (and --server etc. docz) #312.]The text was updated successfully, but these errors were encountered: