feat: Encrypt private keys saved on disk and in DB #45

Closed
opened 2025-07-08 08:38:22 -04:00 by AtHeartEngineer · 0 comments

Originally created by @ItalyPaleAle on 6/25/2025

Fixes #580

Implements the design described here: https://github.com/pocket-id/pocket-id/issues/580#issuecomment-2918342289

  • Adds support for storing private keys in the database
  • Adds support for encrypting the private keys stored on disk (optional) or in the database (required)
  • Adds support for running Pocket ID with in-memory only (ephemeral) keys

Adds these new config options:

  • `KEYS_STORAGE`, which can be `file` or `database`. The default is `file`.
  • `ENCRYPTION_KEY` allows passing a key to use to encrypt keys stored on disk or DB
  • `ENCRYPTION_KEY_FILE` is akin to `ENCRYPTION_KEY` but contains the path to a file with the key to load

When keys are encrypted, they are tied to a specific instance of Pocket ID (identified by the InstanceID internal config setting).

Also note that keys are encrypted with AES-GCM.
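One way the AES-GCM encryption "tied to a specific instance" can be realised, as an added Go example that is not Pocket ID's own code: the InstanceID is passed as AES-GCM additional authenticated data, so a key blob copied to another instance, or altered on disk or in the database, fails the tag check and never decrypts. The nonce||ciphertext layout, the raw 32-byte `ENCRYPTION_KEY`, and the sample values are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// newGCM builds an AES-GCM AEAD from a 16, 24 or 32-byte ENCRYPTION_KEY value.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPrivateKey encrypts a private key, binding it to one instance via the InstanceID as AAD.
func sealPrivateKey(key []byte, instanceID string, privKey []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every encryption
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, privKey, []byte(instanceID)), nil // assumed layout: nonce||ct+tag
}

// openPrivateKey reverses sealPrivateKey; a wrong key, another InstanceID or a modified byte errors.
func openPrivateKey(key []byte, instanceID string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(instanceID))
}
func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key, not a real ENCRYPTION_KEY
	blob, _ := sealPrivateKey(key, "instance-A", []byte("constructed private key bytes"))
	_, err := openPrivateKey(key, "instance-B", blob) // same key, different InstanceID
	fmt.Println("decrypt under another InstanceID fails:", err != nil) // true
}
```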

Reference: github/pocket-id#45