You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Could also be a custom FTL type like ftl.Optional but instead ftl.Encrypted. That might have a Decrypt() func that could be used to get the underlying value explicitly when needed.
Challenge, can we keep sensitive data encrypted as long as possible while processing it through FTL. Require explicit Decrypt or “Access” calls to retrieve plaintext.
Ideally this should extend down to the database layer where possible, eg. types that represent that a field is encrypted, etc.
Can we support Tink's associated data concept?
The text was updated successfully, but these errors were encountered:
alecthomas
changed the title
Encrypted field annotations (for things like PII, etc.) on structs? +1
Design+impl: encrypted field annotations (for things like PII, etc.) on structs? +1
Aug 25, 2024
Challenge, can we keep sensitive data encrypted as long as possible while processing it through FTL. Require explicit Decrypt or “Access” calls to retrieve plaintext.
@AlexSzlavik we can do this (it's how FTL is doing it currently), but the ergonomics are pretty painful (in Go in particular) because of the need to check decryption/encryption errors on every field access.
alecthomas
changed the title
Design+impl: encrypted field annotations (for things like PII, etc.) on structs? +1
Design+impl: encrypted field annotations (for things like PII, etc.) on structs?
Aug 26, 2024
ftl.Optional
but insteadftl.Encrypted
. That might have aDecrypt()
func that could be used to get the underlying value explicitly when needed.The text was updated successfully, but these errors were encountered: