Poncho
Poncho6mo ago

Encryption using Deno KV and OAuth?

I'm creating a note-taking app using most of Deno's tools. I was thinking about encrypting user notes for additional privacy. The problem I have is that I don't know how to generate and manage the encryption keys without somehow storing them in the server. If anyone has any pointers on how to achieve this I would love to hear it, thank you.
5 Replies
foobar
foobar6mo ago
You need key to encrypt/decrypt. 3 possibilities for me, key - can be hard coding (bad way) - get from .env - store it in KV
cknight
cknight6mo ago
The encryption key needs to be external to the code and the KV store. Options to supply this typically include passing in the encryption key via an environment variable or CLI argument.
Poncho
Poncho6mo ago
@foobar @cknight I think an env variable would work great, thank you for your input
foobar
foobar6mo ago
For my knowledge, why put key in kv store could be wrong ? effectively, in env variable nobody can see the key, in kv store, only admin can see it
cknight
cknight6mo ago
If the KV store can be remotely accessed then anyone can get the key and decrypt the data. Best practice would be to store the key separately from the encrypted data For example you can also store backups in multiple places without worrying as much about the security surrounding those backups as the data is encrypted and the key is not available in the KV store.
More Posts
Deno is not seeing a projectIt seems deno is not seeing a project i am using. Project link: https://github.com/Swifter1243/ReMa`arch` and `platform` are empty strings in `node:process`👋 hello! I'm trying to use a node project that uses `arch` and `platform` inside `node:process`, whNPM imports fail on JSON requireWhen importing modules via `npm:` protocol, the embedded esbuild will throw the following error if tuse-case: web component development in denoMy use-case is quite simple, really. But I have a hard time finding the tooling to work with it. - Starting project errorsI have error in url of DenoConditional callback with deno_kv_oauthHello I am using deno_kv_oauth for my application and am trying to do the following: I want users tClear deno kv dbHow can I clear out the database? using `list` requires the keys to be known, but I just want to clehow to break console.log maximum characters limithi, im using usual `deno run file.ts` command and realized that there is a limit to number characternpm import : class is not found but it is well declared in node_moduleI try to use Tatum SDK in deno (https://github.com/tatumio/tatum-js). I pick up the easiest code exaInteractive Jupyter notebookHas anyone figured out how to do interactivity in a Jupyter notebook with Deno kernel in VSCode? Li