The insurance industry plays on our fears: pay a smaller fee for an unlikely future event, and if it happens you will be covered. If it is a calculated risk, this money is worth spending. If you care about your partner's future well-being and your children, you might insure your life so that in the worst-case scenario they get financial support for some time. A similar concept is applied when building software. We calculate various risks and implement the appropriate counter-measures. This takes more time, but if an incident happens, that time pays off the development work.

The security problem of storing sensitive data

When setting up third-party integrations with shipit, users provide API keys to their accounts. These allow us to read and write to these systems, and sometimes also to delete data. Now imagine that for some reason our whole database leaks to the public: a clever attack that compromised our or a partner's systems, a disgruntled engineer, or simply negligence. Anyone would be able to use these API keys to access customers' services like Google Drive files, Jira tasks, Confluence pages, or sales data at Pipedrive. This affects not only our system but also our users' external services, which amplifies the consequences.

The technical solution to this particular problem is to encrypt sensitive data inside the database. We host everything on Google Cloud and use KMS for managing encryption keys. This means that if someone were to dump the database, all of the sensitive data would either be hashed (passwords), or encrypted with a key stored and managed by another server.

Securely storing sensitive data

Below is a description of how we do that in code. We use Django and Python 3.7 for everything on the backend. Here we will create a new model field that encrypts data before storing it in the database, and decrypts it when reading it back.

First create a service client and helper functions to encrypt/decrypt the data:

    import base64

    # google-cloud-kms 1.x API (the release line that has crypto_key_path_path)
    from google.cloud import kms_v1


    def _get_client(project_id=None, location=None, keyring=None, crypto_key=None):
        """Create a Google KMS client that will be used for encrypting/decrypting the data."""
        params = [project_id, location, keyring, crypto_key]
        if any(params) and not all(params):
            # assumed handling: a partially specified key is a configuration error
            raise ValueError("incomplete KMS key configuration")
        elif not any(params):
            # for development environment we do not provide any encryption
            # so just return None
            return None, None
        client = kms_v1.KeyManagementServiceClient()
        resource_name = client.crypto_key_path_path(project_id, location, keyring, crypto_key)
        return client, resource_name


    def encrypt(clear_text, **kwargs):
        client, resource_name = _get_client(**kwargs)
        if client is None:
            # we're in development mode, so simply return unencrypted data
            return clear_text
        clear_text = clear_text.encode("utf-8")
        response = client.encrypt(resource_name, clear_text)
        # base64 encoding is just for convenience in order to store the data
        # in a text field rather than binary
        return base64.b64encode(response.ciphertext).decode("ascii")


    def decrypt(ciphertext, **kwargs):
        client, resource_name = _get_client(**kwargs)
        if client is None:
            # we're in development mode, so simply return unencrypted data
            return ciphertext
        response = client.decrypt(resource_name, base64.b64decode(ciphertext))
        return response.plaintext.decode("utf-8")

Using the above we can then create a Django model field that automatically encrypts the data when saving it and decrypts it during the load:

    from django.conf import settings
    from django.db import models


    def _kms_key():
        # only GOOGLE_KEYRING is named in this post; the other three setting
        # names are placeholders
        return dict(
            project_id=settings.GOOGLE_PROJECT_ID,
            location=settings.GOOGLE_LOCATION,
            keyring=settings.GOOGLE_KEYRING,
            crypto_key=settings.GOOGLE_CRYPTO_KEY,
        )


    class EncryptedCharField(models.CharField):
        def from_db_value(self, value, expression, connection):
            # this function is called by Django when reading the data from the database
            if value is None:
                return value
            # below is the `decrypt` function implemented above. You should place it
            # in a separate module and import it here
            return decrypt(value, **_kms_key())

        def get_db_prep_value(self, value, connection, prepared=False):
            # this function is called before saving the data to the database
            if not value:
                return value
            return encrypt(value, **_kms_key())

Now you can use the EncryptedCharField in your model, just like any other field.

There is quite a lot of news about developers storing API and session keys inside the code, then uploading it to GitHub where anyone can see them (in the case of a public repository). But even if you do have a private repository that only your company employees can access, it is bad practice to store anything sensitive in code.

Amazon AWS has either Secrets Manager or Parameter Store, which simplifies this considerably. Unfortunately, Google doesn't have anything nearly as developer-friendly as Amazon, so we have created a quick solution for that. We use a simple text file that is encrypted using KMS and then stored on Google Cloud Storage. Whenever Django needs to load its settings, it fetches the file, decrypts it, and populates the necessary fields. In order to have this working, we split settings files based on the environment. So all of the above code is located in settings/production.py, which is loaded only on live servers.

When configuring a server or a workstation, or setting up a user account on a computer, it is considered best practice to follow the principle of least privilege.
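The encrypt/decrypt helpers on this page return data unchanged when no KMS client is configured (development mode). The following added example, which is not the original post's code, shows one way to keep that passthrough from being taken silently on a live server: stored ciphertext carries a marker, and the wrapper fails closed when `production` is set (for instance from settings/production.py). `FieldCrypter`, `PREFIX`, the `production` flag and the XOR stand-in for the KMS client are assumptions made for the example.

```python
import base64

PREFIX = "kms:v1:"  # constructed marker separating ciphertext from plaintext rows


class XorStandIn:
    """Constructed stand-in for the KMS client so this runs offline. NOT encryption."""

    def encrypt(self, data):
        return bytes(b ^ 0x5A for b in data)

    decrypt = encrypt  # XOR is its own inverse


class FieldCrypter:
    def __init__(self, kms=None, production=False):
        if production and kms is None:
            # Fail closed at start-up instead of silently storing plaintext.
            raise RuntimeError("KMS is not configured on a production deployment")
        self.kms, self.production = kms, production

    def to_db(self, value):
        if not value or self.kms is None:
            return value  # empty value, or development passthrough
        blob = self.kms.encrypt(value.encode("utf-8"))
        return PREFIX + base64.b64encode(blob).decode("ascii")

    def from_db(self, value):
        if not value:
            return value
        if value.startswith(PREFIX):
            if self.kms is None:
                raise RuntimeError("encrypted value read without a KMS client")
            blob = base64.b64decode(value[len(PREFIX):], validate=True)
            return self.kms.decrypt(blob).decode("utf-8")
        if self.production:
            # A plaintext row in production means a write bypassed encryption.
            raise ValueError("unencrypted value found in an encrypted column")
        return value  # development passthrough


if __name__ == "__main__":
    crypter = FieldCrypter(kms=XorStandIn(), production=True)
    stored = crypter.to_db("constructed-api-key")
    print(stored, "->", crypter.from_db(stored))
```

In a Django field, `to_db` and `from_db` would be called from `get_db_prep_value` and `from_db_value` respectively, with the real KMS client in place of the stand-in.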