Does Frappe Cloud use MariaDB encryption at rest by default?
I am planning to deploy my custom app on Frappe Cloud using shared hosting with a private bench. Do I have a way of encrypting my data at rest?
Need some security guidance.
No. No encryption-at-rest or encryption-in-transit.
Reference: press/press/playbooks/roles/mariadb/templates/mariadb.cnf at develop · frappe/press · GitHub
Is it possible to host the application server on Frappe Cloud and MariaDB somewhere else in the shared plan?
So basically if we need to have encryption we need to self host?
If Frappe Cloud is hosted on AWS and you use Managed RDS, isn’t it just a configuration to enable encryption?
Can it be a feature request for Frappe Cloud?
We are dealing with ERPNext, related to financial data, and there is no encryption.
I’m not sure if with his relevant and our-time-saving GitHub link @AdityaHase meant “see, there is no option for this” or “see, here you can add the option(s) you want [implying: think about it, try it out, take some risk, and then tell us the result please]”.
But one Google search later, here might already be the answer:
MariaDB has official support for file-based key management, AWS KMS & HashiCorp Vault.
File-based key management is not that secure at all, even with encryption. We probably need to work on building the MariaDB plugin for KMS.
Created a feature request on GitHub: MariaDB Data Encryption · Issue #3071 · frappe/press · GitHub
Thanks @tanmoy
Not sure if Frappe Cloud uses Managed RDS.
Managed RDS has configuration for in-transit encryption and at-rest encryption.
See KMS key ID and CA certificate identifier in CloudFormation.
We have some support internally in FC to connect RDS.
But it’s not available as a standard solution.
If you are looking for that, you can open a support ticket at support.frappe.io to further discuss that.
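For anyone self-hosting and wanting to check their own `mariadb.cnf` for the settings discussed in this thread, here is an added example (not from any post above and not Frappe's code) that audits a config for a key-management plugin, the at-rest encryption switches and TLS. The option names are MariaDB's own; the two sample configs and their file paths are constructed for illustration.

```python
import re

SERVER_SECTIONS = {"mysqld", "mariadb", "mariadbd", "server"}
KEY_PLUGINS = ("file_key_management", "aws_key_management", "hashicorp_key_management")
AT_REST = ("innodb_encrypt_tables", "innodb_encrypt_log", "encrypt_binlog",
           "encrypt_tmp_files", "aria_encrypt_tables")
TRUTHY = {"", "1", "on", "true", "force"}  # a bare option name counts as enabled

def parse_server_options(text):
    """Collect options from server sections; '-' and '_' in names are equivalent."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section in SERVER_SECTIONS:
            name, _, value = line.partition("=")
            name = name.strip().lower().replace("-", "_").removeprefix("loose_")
            opts.setdefault(name, []).append(value.strip().strip("'\""))
    return opts

def audit(text):
    """Report which encryption-at-rest and in-transit settings a config enables."""
    opts = parse_server_options(text)
    enabled = lambda k: k in opts and opts[k][-1].lower() in TRUTHY
    loaded = " ".join(opts.get("plugin_load_add", []) + opts.get("plugin_load", []))
    plugin = next((p for p in KEY_PLUGINS if p in loaded), None)
    tls = all(opts.get(k, [""])[-1] for k in ("ssl_cert", "ssl_key"))
    return {"key_plugin": plugin,
            "at_rest": plugin is not None and enabled("innodb_encrypt_tables"),
            "at_rest_gaps": [k for k in AT_REST if not enabled(k)],
            "tls_configured": tls,
            "tls_required": tls and enabled("require_secure_transport")}

# Constructed sample configs (paths are placeholders).
PLAIN = "[mysqld]\nbind-address = 0.0.0.0\ninnodb-buffer-pool-size = 1G\n"
HARDENED = """[mariadb]
plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/encryption/keyfile.enc
innodb-encrypt-tables = FORCE
innodb_encrypt_log
encrypt_binlog = ON
encrypt_tmp_files = 1
ssl_cert = /etc/mysql/tls/server-cert.pem
ssl_key = /etc/mysql/tls/server-key.pem
require_secure_transport = ON
"""

if __name__ == "__main__":
    for label, cfg in (("plain", PLAIN), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

A non-empty `at_rest_gaps` list on an otherwise encrypted server points at data that still lands on disk in clear text, such as Aria tables in the hardened sample.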