Data encryption/decryption at rest

Massimo Cesaro massimo.cesaro@REDACTED
Mon Jan 24 14:39:58 CET 2022


Hi Frank,
if you can replace ETS with Mnesia (and in theory you should), then it is
pretty simple to write a mnesia activity access callback (see
https://www.erlang.org/doc/apps/mnesia/mnesia_app_b) to encrypt your data
at rest and having them decrypted on the fly when you need them inside your
application.
I did it some time ago, and the only tricky part is how to handle the
encryption key(s) for the mnesia table encryption in a secure manner.

Hope this helps

Massimo

On Sat, Jan 22, 2022 at 11:04 AM Frank Muller <frank.muller.erl@REDACTED>
wrote:

> Hi guys,
>
> We have some ETS tables persisted to disk periodically.
>
> These data are almost static (rarely change) and contains clients
> information such as: name, gender, date/place of birth, security token, etc.
>
> Due to new policy in place, these data has to be encrypted at rest.
> But I still need to access it in a decrypted way inside my Erlang app.
>
> What approach should I take?
> Is there any Erlang library to help with this task?
>
> Disclaimer: I’m by far not a security expert
>
> Thanks
> /Frank
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20220124/137f241c/attachment.htm>


More information about the erlang-questions mailing list