From 31a72ae8421e70876ec811759022a57fbdb352d8 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Fri, 6 Mar 2020 01:07:13 -0800 Subject: [PATCH] Created Filer Data Encryption (markdown) --- Filer-Data-Encryption.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 Filer-Data-Encryption.md diff --git a/Filer-Data-Encryption.md b/Filer-Data-Encryption.md new file mode 100644 index 0000000..b9eafe4 --- /dev/null +++ b/Filer-Data-Encryption.md @@ -0,0 +1,17 @@ + +For filer, +* The metadata is stored in filer store. +* The actual data is stored in volume servers. + +However, there could be many volume servers. And the volumes may be tiered to the cloud. What if there are some security breach? + +### Encrypt data on volume servers +`weed filer -encryptVolumeData` is an option to encrypt the data on volume servers. The encryption key is randomly generated during write time, and is different for different files. The encryption key is stored as metadata in filer store. + +So the volume data on the volume servers are encrypted and should be safe. As long as the filer store is not exposed, it is nearly impossible to guess the encryption keys for each file. + +### Safely Forget Data +Another side is, with GDPR, companies are required to "forget" customer data after some time. If the volume data is stored on a glacial storage system, it is cumbersome to dig them out and destroy them. It is much easier to just delete the metadata, and the volume data is automatically "destroyed". + +### Note +The volume servers are agnostic to encryption. There are no encryption if you only use master and volume servers as an object store.
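Review bot: In "Safely Forget Data", the statement that deleting the metadata means the volume data is automatically "destroyed" depends on the per-file key no longer existing anywhere. The section above says the key "is stored as metadata in filer store", so the page should say that backups and replicas of the filer store have to drop the entry as well before the data counts as forgotten. In "Encrypt data on volume servers", "As long as the filer store is not exposed" is the whole security boundary of this feature, so it deserves a sentence telling operators that the filer store now holds every file key and must be access-controlled and protected at least as strictly as the data itself. That section also does not name the cipher or key size, which a reader needs in order to evaluate "nearly impossible to guess". Two wording fixes: "What if there are some security breach?" should read "What if there is a security breach?", and in the Note "There are no encryption" should read "There is no encryption".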