by hn_throwaway_99
960 days ago
Only if you need the auditability at that granular a level. For us, each user has (for the most part) their own data key, and most of the time a user is accessing their own data. So we can decrypt the key once and then cache it for the rest of the user's session. This tells us "the user accessed their private data", so we don't get the per-value auditability, but for us that was sufficient. If you want, you could even have different data keys based on sensitivity, e.g. a user's name, phone, address are encrypted with one data key but their SSN or credit info is encrypted with another.

The other consideration is how to safely cache the data key? What if the cache is popped?
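
The per-session key caching and sensitivity-tiered data keys described in the thread above, sketched as an added example (not code from either commenter). `FakeKMS`, `SessionKeyCache`, the tier names `contact` and `financial`, and the 300-second TTL are all assumptions; the stand-in KMS looks keys up by ID instead of decrypting a wrapped key blob. The point is what the audit log ends up containing, and that expiry and logout bound how long an unwrapped key sits in memory.

```python
import os
import time

class FakeKMS:
    """Constructed stand-in for a KMS: each unwrap call is one audit entry."""
    def __init__(self):
        self.audit_log = []   # (principal, key_id), one per unwrap
        self._keys = {}       # key_id -> data key (constructed, random)

    def unwrap(self, principal, key_id):
        self.audit_log.append((principal, key_id))
        return bytearray(self._keys.setdefault(key_id, os.urandom(32)))

class SessionKeyCache:
    """In-process cache of unwrapped data keys for a single user session."""
    def __init__(self, kms, user, ttl_seconds=300, clock=time.monotonic):
        self.kms, self.user, self.ttl, self.clock = kms, user, ttl_seconds, clock
        self._entries = {}    # tier -> (expires_at, key as bytearray)

    def get_key(self, tier):
        now = self.clock()
        entry = self._entries.get(tier)
        if entry and entry[0] > now:
            return entry[1]   # cache hit: no KMS call, so no audit entry
        if entry:
            self._wipe(tier)  # expired: overwrite before re-fetching
        key = self.kms.unwrap(self.user, f"{self.user}/{tier}")
        self._entries[tier] = (now + self.ttl, key)
        return key

    def _wipe(self, tier):
        _, key = self._entries.pop(tier)
        key[:] = bytes(len(key))  # best-effort zeroing of the key buffer

    def close(self):
        """Call on logout or session expiry."""
        for tier in list(self._entries):
            self._wipe(tier)

def demo():
    now = [0.0]               # fake clock so the TTL can be stepped
    kms = FakeKMS()
    cache = SessionKeyCache(kms, "alice", ttl_seconds=300, clock=lambda: now[0])
    for _ in range(3):        # name, phone, address reads share one key
        cache.get_key("contact")
    cache.get_key("financial")        # SSN read uses a separate key
    now[0] = 301.0                    # TTL elapsed
    held = cache.get_key("contact")   # forces a fresh, audited unwrap
    cache.close()
    return kms.audit_log, bytes(held)
```

Five reads produce three audit entries: one per tier per TTL window, not one per value. Zeroing a `bytearray` is best effort in Python, since the runtime may have copied the bytes elsewhere.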