Repository encryption at rest


Nuno Costa

Jul 23, 2024, 5:29:59 AM
to Repo and Gerrit Discussion
Hi all,

Does anyone know if it is possible to have the repository files encrypted on the backend/filesystem while they are not in use?

For example, the repo would be unencrypted when any action would be directed to a specific repository like a change is open on the UI, a clone or REST API call.

I don't see doing this on the filesystem level as very advantageous because the Gerrit service needs to be up and running.
Even if mounting certain repos on a different mount point that would be unencrypted, we would always need to have Gerrit signaling to the FS to encrypt the repo.

Not even considering the encryption overhead.

Just wanted to know if something like this is/would be possible.

Thanks and keep up the good work,
Nuno

Martin Fick

Jul 23, 2024, 4:15:27 PM
to Nuno Costa, Repo and Gerrit Discussion
On Tue, Jul 23, 2024 at 3:30 AM Nuno Costa <nunoco...@gmail.com> wrote:
> Does anyone know if it is possible to have the repository files encrypted on the backend/filesystem while they are not in use?

This is not currently possible, but I suspect that it would not be an enormous task to modify JGit to encrypt the objects on disk for storage. That would, of course, make the repositories unreadable by the standard git executable though.

-Martin

Nuno Costa

Jul 25, 2024, 5:57:27 AM
to Repo and Gerrit Discussion
Hi Martin, thanks for the feedback.

Regarding cgit access, it seems there are some projects[1][2] to handle independent files and even entire repo encryption.

Could this be a feature request to be presented to jgit team?

The feature could also be compatible with some cgit encryption implementations allowing it to work on both jgit and cgit.

David Åkerman

Jul 26, 2024, 2:41:41 AM
to Repo and Gerrit Discussion
Hi Nuno,

Your suggested projects seem to do encryption and decryption on the client side. In that case the files should be encrypted when they are uploaded and stored on the git-server/gerrit-server. Does that not fulfill your requirements?

Best regards,
David

Luca Milanesio

Jul 26, 2024, 3:28:58 AM
to Repo and Gerrit Discussion
I believe Nuno would like for Gerrit to still index and process the data by decrypting it on the fly.
In that case, the encryption isn’t E2E because Gerrit (an intermediary) can see the data in cleartext.

If you want Gerrit to see the data in cleartext, then the encryption needs to be done at block-device level, which is totally possible and is outside the Git and Gerrit domain.

Alternatively, if the data needs to be really encrypted E2E, then encryption and decryption are done at client level, and David is right, Gerrit would _just work_ and _won’t see data in cleartext_.

Luca.
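
An added example, not part of the thread and not Gerrit or JGit code: a check for the block-device option described above, confirming that the directory holding the repositories sits on a dm-crypt (LUKS) mapping, including the case of LVM layered on top of it. It assumes Linux sysfs and mountinfo; the path `/srv/gerrit/git` and the device numbers in the sample are constructed.

```python
import os
import sys

# Constructed sample of /proc/self/mountinfo: root on a plain partition (8:2),
# the Gerrit site on an LVM volume (253:1). Device numbers are made up.
SAMPLE_MOUNTINFO = """\
22 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw
41 22 253:1 / /srv/gerrit rw,noatime - xfs /dev/mapper/vg0-gerrit rw
"""

def backing_device(path, mountinfo):
    """Return 'major:minor' of the filesystem that holds `path`."""
    path = os.path.normpath(path) + "/"
    best_mount, best_dev = "", None
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        devno, mount = fields[2], fields[4]
        # Longest matching mount point wins; on a tie the later mount shadows.
        if path.startswith(mount.rstrip("/") + "/") and len(mount) >= len(best_mount):
            best_mount, best_dev = mount, devno
    return best_dev

def is_dm_crypt(dev_dir):
    """True if this sysfs block device, or every device under it, is dm-crypt."""
    try:
        with open(os.path.join(dev_dir, "dm", "uuid")) as f:
            if f.read().startswith("CRYPT-"):  # UUID prefix set by cryptsetup
                return True
    except OSError:
        pass  # not a device-mapper device
    slaves_dir = os.path.join(dev_dir, "slaves")
    slaves = os.listdir(slaves_dir) if os.path.isdir(slaves_dir) else []
    # An LVM volume counts only if all physical volumes below it are encrypted.
    return bool(slaves) and all(is_dm_crypt(os.path.join(slaves_dir, s)) for s in slaves)

def repos_on_encrypted_device(base_path, mountinfo, sysfs="/sys"):
    """True if the filesystem holding base_path is backed only by dm-crypt."""
    devno = backing_device(base_path, mountinfo)
    return devno is not None and is_dm_crypt(os.path.join(sysfs, "dev", "block", devno))

if __name__ == "__main__":
    # Argument: the resolved repository directory (gerrit.basePath).
    target = os.path.realpath(sys.argv[1] if len(sys.argv) > 1 else ".")
    with open("/proc/self/mountinfo") as f:
        ok = repos_on_encrypted_device(target, f.read())
    print("encrypted" if ok else "NOT encrypted")
    sys.exit(0 if ok else 1)
```

Filesystems that report anonymous device numbers in mountinfo (btrfs, for instance) have no matching sysfs entry and are reported as not encrypted, so check those by hand.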
