Make DefaultEncryptionService use libsodium #555

Merged (40 commits) on Jul 24, 2024

@amh4r amh4r commented Apr 27, 2024

Summary

Change DefaultEncryptionService in @inngest/middleware-encryption to use libsodium. This is a breaking change.

Standardizing our SDKs' encryption middlewares on libsodium allows for easy interoperability. For example, our TypeScript SDK could send an encrypted event to our Python SDK.

Todo

  • Make two middleware for proper support 🫠
  • Async encrypt/decrypt

Checklist

  • Added a docs PR that references this PR N/A Documented in-package
  • Added unit/integration tests
  • Added changesets if applicable

changeset-bot bot commented Apr 27, 2024

🦋 Changeset detected

Latest commit: 44b1ab6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
| Name | Type |
| --- | --- |
| @inngest/middleware-encryption | Major |

@amh4r amh4r marked this pull request as draft April 27, 2024 17:33
@jpwilliams jpwilliams added this to the v4.0.0 milestone May 20, 2024
@jpwilliams jpwilliams marked this pull request as ready for review July 4, 2024 17:14
@jpwilliams

# Migration
This covers how to migrate between the major versions of this middleware.
## v0 -> v1
We've changed some tooling and standards in v1 to align with other languages,
ensuring we can provide easier cross-language E2E encryption.
If you only use the middleware on a single service/app and only passed a `key`
as required, you can upgrade with no changes. Otherwise, read on.
### Field-level event encryption removed
In v0, you could customize which fields in an event would be encrypted. By
default this was the `encrypted` field, but you could choose any top-level
fields.
To help avoid users forgetting to encrypt fields containing sensitive data (or
misplacing that data), an entire event's payload is now encrypted.
If you customized field-level encryption in v0, move the option to the new
`v0Legacy` object:
```ts
const mw = encryptionMiddleware({
  // ...
  legacyV0Service: {
    eventEncryptionField: ["my", "custom", "fields"],
  },
});
```
### Changing multiple apps
If multiple apps used the v0 encryption middleware, you can slowly migrate to
the new Sodium standard by forcing encryption to use the v0 strategy but still
be able to decrypt with the new one.
> [!NOTE]
> Note that if you use a custom encryption service, you won't have to perform
> any upgrades here; this is only as we are changing the default strategy.
To force encryption using the v0 strategy, set the `forceEncryptWithV0` option:
```ts
const mw = encryptionMiddleware({
  // ...
  legacyV0Service: {
    forceEncryptWithV0: true,
  },
});
```
Then, your rollout is:
1. Update all apps to use v1 with `forceEncryptWithV0: true`
2. Once all apps are updated and deployed, remove the `forceEncryptWithV0` flag
   or set it to `false`
### Encryption service identifiers
Each encryption service now requires an `identifier`, used to ensure the correct
strategy is being used to decrypt data when it is received.
If you're not using a custom encryption service, no change is needed here.
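
The identifier-based dispatch and two-step rollout described in the migration notes above, as an added TypeScript example that is not part of the original comment or the package's code. The `Strategy` and `Envelope` shapes, the `example/v0` and `example/v1` identifiers and every function name are hypothetical, and both strategies are AES-256-GCM stand-ins from `node:crypto` rather than the package's AES and libsodium strategies.

```typescript
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";
// Hypothetical shapes for this example only; not the package's API.
interface Strategy { identifier: string; encrypt(p: string): string; decrypt(d: string): string }
interface Envelope { strategy: string; data: string }

// Stand-in strategy: AES-256-GCM from node:crypto, key salted with the identifier.
function makeStrategy(identifier: string, secret: string): Strategy {
  const key = scryptSync(secret, identifier, 32);
  return {
    identifier,
    encrypt(p) {
      const nonce = randomBytes(12);
      const c = createCipheriv("aes-256-gcm", key, nonce);
      // Layout: nonce (12 bytes) | ciphertext | auth tag (16 bytes)
      return Buffer.concat([nonce, c.update(p, "utf8"), c.final(), c.getAuthTag()]).toString("base64");
    },
    decrypt(d) {
      const raw = Buffer.from(d, "base64");
      const c = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
      c.setAuthTag(raw.subarray(raw.length - 16));
      return Buffer.concat([c.update(raw.subarray(12, raw.length - 16)), c.final()]).toString("utf8");
    },
  };
}

// An app encrypts with one strategy and decrypts with whichever known one the envelope names.
function makeApp(known: Strategy[], encryptWith: string) {
  const fail = (m: string): never => { throw new Error(m); };
  const pick = (id: string) => known.find((k) => k.identifier === id) ?? fail(`no strategy registered for "${id}"`);
  return {
    seal: (v: unknown): Envelope => ({ strategy: encryptWith, data: pick(encryptWith).encrypt(JSON.stringify(v)) }),
    open: (e: Envelope): unknown => JSON.parse(pick(e.strategy).decrypt(e.data)),
  };
}

// Constructed rollout: one app still on v0 only, one upgraded app with and without the flag.
function simulateRollout() {
  const v0 = makeStrategy("example/v0", "constructed-secret");
  const v1 = makeStrategy("example/v1", "constructed-secret");
  const upgraded = (forceEncryptWithV0: boolean) => makeApp([v0, v1], (forceEncryptWithV0 ? v0 : v1).identifier);
  const notUpgraded = makeApp([v0], v0.identifier);
  const reads = (app: ReturnType<typeof makeApp>, e: Envelope) => { try { app.open(e); return true; } catch { return false; } };
  const step1 = upgraded(true).seal({ card: "constructed-value" });  // rollout step 1: flag on
  const step2 = upgraded(false).seal({ card: "constructed-value" }); // rollout step 2: flag removed
  return {
    oldReadsStep1: reads(notUpgraded, step1), // v0-tagged envelope, v0-only reader
    oldReadsStep2: reads(notUpgraded, step2), // v1-tagged envelope, v0-only reader
    newReadsBoth: reads(upgraded(false), step1) && reads(upgraded(false), step2),
    relabelledRejected: !reads(upgraded(false), { ...step2, strategy: v0.identifier }),
  };
}
```

The v0-only reader failing on the step 2 envelope is why the flag is only removed once every app has been upgraded and deployed.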

@jpwilliams jpwilliams self-assigned this Jul 4, 2024
@jpwilliams jpwilliams added the ✨ new New features, integrations, or exports label Jul 4, 2024
@jpwilliams jpwilliams marked this pull request as draft July 18, 2024 14:43
@jpwilliams

Warning

Holding merge until Python is also ready.

@jpwilliams jpwilliams added the prerelease/inngest Create snapshot releases for a PR for the "inngest" package. label Jul 22, 2024

inngest-release-bot commented Jul 22, 2024

A user has added the prerelease/inngest label, so this PR will be published to npm with the tag pr-555. It will be updated with the latest changes as you push commits to this PR.

You can install this prerelease version with:

```sh
npm install inngest@pr-555
```

The last release was built and published from 17e7107.

@amh4r amh4r marked this pull request as ready for review July 22, 2024 13:57
@jpwilliams jpwilliams added prerelease/middleware-encryption Create snapshot releases for a PR for the "@inngest/middleware-encryption" package. and removed prerelease/inngest Create snapshot releases for a PR for the "inngest" package. labels Jul 23, 2024

inngest-release-bot commented Jul 23, 2024

A user has added the prerelease/middleware-encryption label, so this PR will be published to npm with the tag pr-555. It will be updated with the latest changes as you push commits to this PR.

You can install this prerelease version with:

```sh
npm install @inngest/middleware-encryption@pr-555
```

The last release was built and published from 44b1ab6.

@jpwilliams jpwilliams merged commit 4469bff into main Jul 24, 2024
43 checks passed
@jpwilliams jpwilliams deleted the encryption-libsodium branch July 24, 2024 19:13
jpwilliams pushed a commit that referenced this pull request Jul 24, 2024
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @inngest/middleware-encryption@1.0.0

### Major Changes

- [#555](#555) [`4469bff`](4469bff) Thanks [@goodoldneon](https://github.com/goodoldneon)! -

    ## Breaking changes

    -   Default to using [LibSodium](https://libsodium.gitbook.io/doc)
    -   Changed field-level event encryption
    -   Custom encryption services now require identifiers

    ## Features

    -   Added strategies for AES and LibSodium

For information on how to migrate, see
[MIGRATION.md](https://github.com/inngest/inngest-js/blob/main/packages/middleware-encryption/MIGRATION.md).

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>