Decision Time: How to specify which fields to encrypt/decrypt #3
Decision Time
The producer of the event has a list of fields to encrypt and replaces their value with an object containing the encrypted value and some meta information, notably the name of the key used. The consumer has the same list, and for each field finds the used key by its given name and so can reproduce the original value.
In our CoP Architecture Meeting on 2022-08-03 we discussed three different solutions to the "which fields to encode" complex. In our next meeting on 2022-08-17 we will vote for one of these proposals to be the final solution:
1. Use the "pii" field.
2. Use the "pii" field, and add "https://studitemps.tech/specification/domain-event-encrypted-pii" as flag to the @type field.
3. Add a new field named "encryptedFields" that contains a list of encrypted fields.
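The producer/consumer mechanism described above, sketched as an added example that is not part of this pull request or the specification. The envelope keys (`keyName`, `iv`, `tag`, `ciphertext`), the key name, the sample event and the choice of AES-256-GCM are assumptions; the field list is passed in as shared configuration, independent of which of the three proposals is chosen.

```javascript
const crypto = require('node:crypto');

// Constructed keyring: key name -> 32-byte AES key. Only the name travels in
// the event; in a real system the key itself would come from a secret store.
const KEYRING = new Map([['pii-key-2022-08', crypto.randomBytes(32)]]);
// The list that producer and consumer both hold (hypothetical field names).
const FIELDS_TO_ENCRYPT = ['email', 'iban'];
// Constructed sample event.
const SAMPLE_EVENT = { id: 'evt-1', email: 'a@example.org', iban: 'DE00 0000', amount: 12 };

function lookupKey(keyring, keyName) {
  const key = keyring.get(keyName);
  if (!key) throw new Error(`unknown key: ${keyName}`);
  return key;
}

// Producer side: replace each listed field with an envelope object.
function encryptFields(event, fields, keyName, keyring = KEYRING) {
  const key = lookupKey(keyring, keyName);
  const out = { ...event };
  for (const field of fields) {
    if (!Object.hasOwn(event, field)) continue; // absent fields are skipped
    const iv = crypto.randomBytes(12); // fresh nonce for every value
    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
    // Bind key name and field name so an envelope cannot be moved to another field.
    cipher.setAAD(Buffer.from(`${keyName}:${field}`));
    const plaintext = JSON.stringify(event[field]); // preserves the JSON type
    const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    out[field] = { keyName, iv: iv.toString('base64'),
      tag: cipher.getAuthTag().toString('base64'), ciphertext: ct.toString('base64') };
  }
  return out;
}

// Consumer side: find the key by the name in the envelope and restore the value.
function decryptFields(event, fields, keyring = KEYRING) {
  const out = { ...event };
  for (const field of fields) {
    if (!Object.hasOwn(event, field)) continue;
    const box = event[field]; // a plaintext value here fails closed at key lookup
    const key = lookupKey(keyring, box.keyName);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'base64'));
    decipher.setAAD(Buffer.from(`${box.keyName}:${field}`));
    decipher.setAuthTag(Buffer.from(box.tag, 'base64'));
    const pt = Buffer.concat([decipher.update(Buffer.from(box.ciphertext, 'base64')), decipher.final()]);
    out[field] = JSON.parse(pt.toString('utf8'));
  }
  return out;
}
```

Because the key name and field name are authenticated as associated data, a consumer rejects an envelope that was copied into a different field or relabelled with another key name.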