feat(encryption): Implement e2e encryption using encryptedStorage composable #363
base: main
Key encryption wip; Asymmetric encryption wip
Replaced crypto library for nonce-misuse resistance and more modern nonce handling; Refactored types; Added optional encryption of keys; Adjusted normalization to encryption
…generic testing option for encryption
Would appreciate your feedback @pi0, @danielroe, @atinux.
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## main #363 +/- ##
==========================================
+ Coverage 75.32% 76.08% +0.76%
==========================================
Files 30 31 +1
Lines 3534 3822 +288
Branches 494 531 +37
==========================================
+ Hits 2662 2908 +246
- Misses 871 913 +42
Partials 1 1
View full report in Codecov by Sentry.
@@ -5,7 +5,7 @@ import { BlobsServer } from "@netlify/blobs"; | |||
import { resolve } from "path"; | |||
import { rm, mkdir } from "node:fs/promises"; | |||
|
|||
describe("drivers: netlify-blobs", async () => { | |||
describe.skip("drivers: netlify-blobs", async () => { |
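Review bot: `describe.skip` on the `drivers: netlify-blobs` suite turns off every test for that driver, and nothing in this hunk relates the skip to the encryption feature this PR adds. Revert the line to `describe("drivers: netlify-blobs", async () => {` and deal with the flakiness in a separate change, or, if the skip has to stay for now, add a comment beside it saying why it is skipped and what has to happen before it is re-enabled, so a disabled suite does not get merged unnoticed.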
describe.skip("drivers: netlify-blobs", async () => { | |
describe("drivers: netlify-blobs", async () => { |
That driver's tests are extremely flaky, which is why I disabled them and forgot about it, thanks for the find :)
What do you think about the implementation @pi0 ?
Anything I can do to bring this forward @pi0 ?
Linked issue
#24
Type of change
Description
Implements a new composable function `encryptedStorage` similar to `prefixStorage` that wraps an unstorage instance and offers encryption for values and optionally for keys as well.
- `encryptedStorage` that can also be used in combination with others like `prefixStorage`. Usage is `encryptedStorage(createStorage({ driver }), encryptionKey, true)` where the last parameter (set to `true`) defines if keys should also be encrypted
- `@noble/ciphers` for encryption, as it is 0 deps and works in Node, Bun, Deno and Workers (tested on CF). It supports AES-GCM-SIV (not implemented in Web/Node Crypto) which is nonce misuse resistant, what we need for deterministic key encryption with the same IV/nonce for keys.
- `getRandomValues` from `uncrypto`. The content is wrapped into a `StorageValueEnvelope`:
- `fs`, `memory`, `redis`, 'lrs' and `azure-blob-storage` for content as well as key encryption and in combination with `prefixStorage`:
- `fs` driver, an update to the `testDriver` utility to optionally test for content and key encryption as well as tests for the storage server and the combination with `prefixStorage`
Checklist
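Why the description asks for a nonce-misuse-resistant mode when keys are encrypted under one fixed nonce, shown as an added example that is not code from this PR: it uses plain AES-256-GCM from Node's built-in crypto (a swapped-in cipher, not `@noble/ciphers`) to show that a fixed nonce gives the deterministic output key lookups need, but also makes the XOR of two ciphertexts equal the XOR of the two key names. The key, nonce, key names and function names are constructed for illustration.

```javascript
// Added example, not code from the PR. Key, nonce and key names are constructed.
// Load node:crypto in either module system (require in CJS, getBuiltinModule in ESM).
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

const KEY = Buffer.alloc(32, 7);         // constructed 256-bit key, demo only
const FIXED_NONCE = Buffer.alloc(12, 0); // one nonce reused for every storage key

// Deterministic "key encryption" done with plain AES-GCM and the fixed nonce.
function gcmFixedNonce(name) {
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", KEY, FIXED_NONCE);
  const body = Buffer.concat([cipher.update(name, "utf8"), cipher.final()]);
  return { body, tag: cipher.getAuthTag() };
}

// Byte-wise XOR over the common length of two buffers.
function xor(a, b) {
  const n = Math.min(a.length, b.length);
  const out = Buffer.alloc(n);
  for (let i = 0; i < n; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Property the wrapper needs: the same key name always maps to the same ciphertext.
function isDeterministic(name) {
  const a = gcmFixedNonce(name);
  const b = gcmFixedNonce(name);
  return a.body.equals(b.body) && a.tag.equals(b.tag);
}

// Failure mode: both names were XORed with the same keystream, so
// ciphertextA XOR ciphertextB equals nameA XOR nameB without knowing KEY.
function leaksPlaintextXor(nameA, nameB) {
  const cXor = xor(gcmFixedNonce(nameA).body, gcmFixedNonce(nameB).body);
  const pXor = xor(Buffer.from(nameA, "utf8"), Buffer.from(nameB, "utf8"));
  return cXor.equals(pXor);
}

// What a reader of the backing store sees: how many leading bytes two key names share.
function sharedPrefixLength(nameA, nameB) {
  const cXor = xor(gcmFixedNonce(nameA).body, gcmFixedNonce(nameB).body);
  let i = 0;
  while (i < cXor.length && cXor[i] === 0) i++;
  return i;
}
```

AES-GCM-SIV derives its counter-mode starting block from the authentication tag, which depends on the plaintext, so two different key names under the same nonce do not share a keystream; equal key names still produce equal ciphertexts, which is the determinism key lookups rely on.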