Reputation: 9594
I'm building a node api for a multi-tenant app and I'm using a tenant catalog in-memory which stores all the connection strings to connect to the database of each tenant.
Even though there are limits to what the account can do and to the origins that can connect to the db for those specific accounts, I still don't want to even consider storing those passwords in plain text.
I've used bcrypt before but due to its 'one-way' nature, I wouldn't really be able to use the 'stored' passwords.
Is there a safe way to handle these in a NODE app?
Upvotes: 3
Views: 7447
Reputation: 11557
Node comes out-of-the-box with crypto, which you can use to do basic symmetric encryption using a known private key (password). Presumably the key is stored somewhere safe that your application has access to, but is not in the database or in the source code.
Here's a simple example: https://lollyrock.com/posts/nodejs-encryption/
This gives you encryption-at-rest, which is probably a good "just in case" security precaution. Depending on the database you are using, you might be able to opt-in to encryption-at-rest without application changes - if you're an AWS shop, for example, you may have options to make the encryption invisible to your application. Otherwise, you'll need to decrypt and encrypt as you read and write your rows.
Upvotes: 1