Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support lazy re-encryption #4

Open
ribose-jeffreylau opened this issue Jun 6, 2017 · 4 comments
Open

Support lazy re-encryption #4

ribose-jeffreylau opened this issue Jun 6, 2017 · 4 comments
Labels
enhancement help wanted
Milestone
1.0

Comments

@ribose-jeffreylau
Copy link
Contributor

Roadmap #3

  • add first used datetime of the encryption key
  • remind if used for over e.g. a year
@ribose-jeffreylau ribose-jeffreylau mentioned this issue Jun 6, 2017
Closed
@ribose-jeffreylau ribose-jeffreylau mentioned this issue Jun 6, 2017
Open
15 tasks
@GildedHonour
Copy link

GildedHonour commented Jun 23, 2017
edited
Loading

Reminding a user when it's been over year since last re/encryption - this will require that a user calls it somehow, manually, remembers about it. Perharps, regularly.

Namely, once the gem is added and called for the first time, its job is finished and it has no means to run itself in the background to check "how much time has it been since last re-encryption?". This would require creating a Sideq or cron job. But using a background job for an event which occurs only once a year....

Therefore, a user calling the gem will be required. But I think there should be a better way.

However, does lazy mean that the gem only checks the last date and reminds a user if needed when it's being called? If so then there'll be no issue described above. But it'll be better to allow the gem somehow notify a user once a year has been passed without requiring a user to call it manually.

@ronaldtse
Copy link
Contributor

@GildedHonour thanks for the clarification questions.

The original 'lazy' meant that the field value is automatically re-encrypted by the system (without user input) when accessed, this was in comparison to a mass re-encryption of all instances of the same field such as using a migration.

The second suggested functionality of "reminding" users is that the system does not automatically re-encrypt, but the user has to initiate the re-encryption of those fields using "old / expired" keys. In this case, the system still performs the re-encryption but perhaps the user needs to provide some input (e.g., the new key) to start that. This means that there needs to be some job that runs continuously (or just daily) to notify people about their "expired" keys.

In both cases, I think we need a Key model to achieve this?

@GildedHonour
Copy link

In both cases, I think we need a Key model to achieve this?
I'm not certain yet.

Does "the system" refer to the gem?

In either case there has to be a cron, sidekiq/whenever task running in background so it can check dayly if re-encryption is needed and then either does re-encryption silently or by notifying a user and asking them for a confirmation. Which means, an external dependency for such a rare task. Sidekiq, for example, is quite heavy; cron requires an effort for a user. Is there a way to avoid using a dependency? Apparently not.

@ribose-jeffreylau ribose-jeffreylau added this to the 1.0 milestone Jul 10, 2017
@GildedHonour
Copy link

I'll create a new model and go with the 2 approach which is reminding a user and asking for his input and confirmation. And yes, that'll require a background-tasks library, I'll pick a lightweight one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
3 participants
@ronaldtse @GildedHonour @ribose-jeffreylau