PII data gets stored as plain text - AES possible?

Expected Corteza to handle data encryption automatically and not store any sensitive data as plain text once sensitivity levels at module & record fields along with “Data at rest protection provided in Connections” are enabled.

Did I miss a critical step?

Setup & database sample where data is stored as plain text in database:

  • System → Connections → Primary Connection
  • System → Sensitivity Levels → PII

dal_sensitivity_levels
INSERT INTO public.dal_sensitivity_levels (id, handle, level, meta) VALUES (417852788414676993, 'pii', 10, '{"name": "PII", "description": "For all PII data"}');

compose_module_field
INSERT INTO public.compose_module_field (name, label, config) VALUES ('phone', 'Phone number', '{"dal": {"encodingStrategy": null}, "privacy": {"usageDisclosure": "Customers phone number is PII data", "sensitivityLevelID": "417852788414676993"}, "recordRevisions": {"enabled": false}}');

compose_module
INSERT INTO public.compose_module (handle, name, meta, config) VALUES ('customers', 'Customers', '{}', '{"dal": {"ident": "", "constraints": null, "connectionID": "417852788131823617", "systemFieldEncoding": {"id": null, "meta": null, "ownedBy": null, "moduleID": null, "revision": null, "createdAt": null, "createdBy": null, "deletedAt": null, "deletedBy": null, "updatedAt": null, "updatedBy": null, "namespaceID": null}}, "privacy": {"usageDisclosure": "PII of customers", "sensitivityLevelID": "417852788414676993"}, "discovery": {"public": {"result": [{"lang": "", "fields": []}]}, "private": {"result": [{"lang": "", "fields": []}]}, "protected": {"result": [{"lang": "", "fields": []}]}}, "recordDeDup": {}, "recordRevisions": {"ident": "", "enabled": false}}');

compose_record
INSERT INTO public.compose_record (rel_module, values) VALUES (417852788433289217, '{"name": ["John Doe"], "phone": ["1234567890"], "linkedin": ["https://www.linkedin.com/john-doe"]}');

Hi @day, Corteza does not provide encryption for data at rest itself. It relies on having an encrypted underlying database, an encrypted disk and appropriate implementation of read/write permissions.

The sensitivity levels are defined by you and can be used with Corteza Privacy, which is specifically for organising your privacy activity rather than encrypting. In short, Corteza assumes you will encrypt all data at rest by default.

We have considered implementing data-at-rest encryption features within Corteza itself previously and are open to considering it again if this is a conversation you'd like to have :slight_smile:

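Added example, not code from the original post and not a feature Corteza provides: since the platform leaves data-at-rest protection to the database and disk, an application that must still meet a "no PII in plaintext" requirement can encrypt the tagged field itself before the record reaches the API. The Go program below (Go being the language Corteza is written in) seals the phone value from the sample record with AES-256-GCM, binding the field name in as associated data so a ciphertext cannot be transplanted into another field, and includes the check the original post did by hand: parse the stored values JSON (what SELECT values FROM compose_record returns) and report any PII field that still holds plaintext. The sensitiveFields list, the enc:v1: value prefix and the in-memory key are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// RecordValues mirrors compose_record.values: field name -> list of values.
type RecordValues map[string][]string

// Assumption for this example: the application keeps its own list of PII
// fields (here the "phone" field tagged with the PII sensitivity level).
var sensitiveFields = map[string]bool{"phone": true}
const encPrefix = "enc:v1:" // marks a stored value as ciphertext

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptField seals one value under a fresh random nonce. The field name is
// bound in as associated data, so a ciphertext moved to another field fails to open.
func encryptField(gcm cipher.AEAD, field, plaintext string) (string, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), []byte(field)) // nonce || ciphertext || tag
	return encPrefix + base64.StdEncoding.EncodeToString(sealed), nil
}

// decryptField reverses encryptField, rejecting unmarked, malformed or wrong-field values.
func decryptField(gcm cipher.AEAD, field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(stored, encPrefix))
	ns := gcm.NonceSize()
	if err != nil || !strings.HasPrefix(stored, encPrefix) || len(raw) < ns+gcm.Overhead() {
		return "", fmt.Errorf("field %q: not a well-formed encrypted value", field)
	}
	pt, err := gcm.Open(nil, raw[:ns], raw[ns:], []byte(field))
	return string(pt), err
}

// SealRecord encrypts the PII fields of rec in place before the record is sent to the API.
func SealRecord(key []byte, rec RecordValues) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	for field, vals := range rec {
		if !sensitiveFields[field] {
			continue
		}
		for i, val := range vals {
			if vals[i], err = encryptField(gcm, field, val); err != nil {
				return err
			}
		}
	}
	return nil
}

// PlaintextLeaks parses a stored values document and lists PII fields still holding plaintext.
func PlaintextLeaks(valuesJSON []byte) ([]string, error) {
	var v RecordValues
	if err := json.Unmarshal(valuesJSON, &v); err != nil {
		return nil, err
	}
	var leaks []string
	for field, vals := range v {
		for _, val := range vals {
			if sensitiveFields[field] && !strings.HasPrefix(val, encPrefix) {
				leaks = append(leaks, field)
				break
			}
		}
	}
	return leaks, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; in practice it comes from a KMS or secret store
	rand.Read(key)          // crypto/rand.Read never returns an error since Go 1.24
	rec := RecordValues{"name": {"John Doe"}, "phone": {"1234567890"}}
	if err := SealRecord(key, rec); err != nil {
		panic(err)
	}
	stored, _ := json.Marshal(rec)
	leaks, _ := PlaintextLeaks(stored)
	fmt.Printf("values to store: %s\nplaintext PII fields: %v\n", stored, leaks)
}
```

Two caveats a practitioner would weigh before adopting this: once a field is stored as ciphertext, Corteza can no longer search, filter or deduplicate on it, and the key must live outside the database that holds the ciphertext (a KMS or secret store), otherwise a dump of the database still exposes the PII. This is in addition to, not instead of, the encrypted database and disk the reply above describes.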

Thank you for the clarification @nmccarthy!

Would you be interested in collaborating on a reference implementation for data-at-rest encryption that could benefit the broader Corteza community? Can explore paid engagement as well if this is something Corteza’s core team would like to take up.


Thank you @day.

How urgent is this from your perspective? I can see the benefits, it’s just that we don’t get many requests for this feature.

While not immediately critical, data-at-rest encryption will become important for our implementation by March 2025. We’re currently exploring Corteza’s API capabilities, and data security for PII-specific records is a key requirement in our roadmap.

Do let me know how we can take this ahead.

Hi @day can you send me a message to niall.mccarthy@crust.tech please? We can discuss further from there :slight_smile: