by freeqaz
1402 days ago
So I've actually spent about a year of my life working to solve this exact problem. Specifically: How do you prevent a single point of failure from leaking everything sensitive in a database? It turns out that it's a pain in the rear, but it's possible.

You can read through the docs about the design on the site[0]. The parts that I haven't implemented yet, and that limit its utility in production, are around searching the encrypted data (requires a second vault using asymmetric encryption) and some more in-depth disaster recovery (secure token recovery).

Here is a link to the GitHub[1] for it all.

0: https://www.lunasec.io/docs/pages/lunadefend/overview/introd...

1: https://github.com/lunasec-io/lunasec/tree/master/lunadefend