feat: add optional client-side encryption for buckets#97
jedisct1 wants to merge 1 commit intohuggingface:mainfrom
Conversation
Encrypt file contents before upload and decrypt transparently on read, using the aegis crate's RAF layer. Gated behind --features encrypt and activated by --encryption-key-file. Supports all six AEGIS variants (128L, 128X2, 128X4, 256, 256X2, 256X4) via --encryption-algorithm, defaulting to aegis-128x2. Per-file algorithm is recorded in content_type metadata so reads always use the correct variant. Rewrites of existing encrypted files preserve the original algorithm.
This PR adds optional client-side encryption.
Client-side encryption feels like a natural fit for buckets, where deduplication is likely less relevant than content in repos.
To keep the change low-risk, the implementation is feature-gated behind `encrypt` and is designed to minimize impact on the existing non-encrypted path.
The scope is kept narrow. Features like password-based key derivation, key rotation, and other usability improvements could be added incrementally later if they seem worthwhile.
Encryption is handled by the `aegis` crate, which already includes a complete API for encrypted filesystems.
I realize this introduces functionality that has not been discussed previously, so I completely understand if it does not feel like the right fit for the project at this time.
I still wanted to share it for review because I think it could be valuable for some users. If it makes more sense to keep this as a separate fork, I am also happy to maintain it that way.
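As an added example (not code from this PR or the project), here is the per-file metadata policy the description lays out, separated from the AEGIS encryption itself: the variant is recorded in content_type, reads take the variant from that record, rewrites keep the stored variant, and an object marked encrypted with an unrecognised variant is rejected rather than being read as plaintext. The `application/x-aegis-encrypted; algorithm=<variant>` content_type format and the function names are assumptions, not the PR's own.

```python
# Added example (not code from the PR or the project): the metadata policy
# the PR describes, kept separate from the AEGIS encryption itself. Assumed,
# not from the PR: content_type "application/x-aegis-encrypted; algorithm=<variant>".
from typing import Optional

AEGIS_VARIANTS = (
    "aegis-128l", "aegis-128x2", "aegis-128x4",
    "aegis-256", "aegis-256x2", "aegis-256x4",
)
DEFAULT_ALGORITHM = "aegis-128x2"  # the PR's default variant
ENCRYPTED_MIME = "application/x-aegis-encrypted"  # assumed marker

def content_type_for(algorithm: str) -> str:
    """Build the content_type recorded alongside an encrypted upload."""
    if algorithm not in AEGIS_VARIANTS:
        raise ValueError(f"unsupported AEGIS variant: {algorithm!r}")
    return f"{ENCRYPTED_MIME}; algorithm={algorithm}"

def algorithm_from_content_type(content_type: Optional[str]) -> Optional[str]:
    """Variant a stored object was encrypted with, or None for plaintext.
    An object marked encrypted but naming no known variant is an error: the
    reader must never treat such bytes as plaintext or guess a cipher."""
    if not content_type:
        return None
    mime, _, rest = content_type.partition(";")
    if mime.strip().lower() != ENCRYPTED_MIME:
        return None  # ordinary, unencrypted object
    params = dict(p.strip().split("=", 1) for p in rest.split(";") if "=" in p)
    algorithm = params.get("algorithm", "").strip().lower()
    if algorithm not in AEGIS_VARIANTS:
        raise ValueError(f"encrypted object with unknown variant: {algorithm!r}")
    return algorithm

def algorithm_for_write(existing_content_type: Optional[str],
                        requested: Optional[str] = None) -> str:
    """Variant for an upload: a rewrite keeps the stored object's variant,
    a fresh upload uses --encryption-algorithm (requested) or the default."""
    existing = algorithm_from_content_type(existing_content_type)
    if existing is not None:
        return existing  # rewrites preserve the original algorithm
    chosen = requested or DEFAULT_ALGORITHM
    if chosen not in AEGIS_VARIANTS:
        raise ValueError(f"unsupported AEGIS variant: {chosen!r}")
    return chosen
```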