
feat(coordinator): AES-256-GCM encryption at rest (#323) #401

Merged
Marvy247 merged 2 commits into HitEmPoka:main from Tboy123-emm:feat/coordinator-encryption-at-rest
Jun 27, 2026

Tboy123-emm (Contributor) commented Jun 25, 2026

closes #323

HitEmPoka#323)

- Add aes-gcm, zeroize (derive), and optional aws-sdk-kms/aws-config deps
- New crypto.rs: EncryptionKey (env var or ephemeral) with versioned key ring
  and key rotation support; EncryptedField wrapper for sensitive strings
- AppState carries Arc<EncryptionKey>; MpcConfig.committee_secret is now
  an EncryptedField (encrypted at startup from COMMITTEE_SECRET env var)
- auth.rs: rate-limit bucket keys use SHA-256(domain|key_version|ip) instead
  of raw IPs, keeping player IPs out of in-memory state

Environment variables:
  ENCRYPTION_KEY  64 hex chars (32 bytes); falls back to ephemeral key in dev
  COMMITTEE_SECRET  existing env var, now encrypted before storage
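
Added example, not code from this PR or the HitEmPoka repository: a std-only Rust illustration of the `ENCRYPTION_KEY` format described above (64 hex chars, 32 bytes), the dev-only ephemeral fallback, and a versioned key ring with rotation. The names `parse_key_hex`, `load_key`, `KeyRing`, the `dev` flag and the `/dev/urandom` read are assumptions; the AES-256-GCM step and key zeroization are left to the `aes-gcm` and `zeroize` crates the PR adds.

```rust
use std::{collections::HashMap, io::Read};

#[derive(Debug, PartialEq)]
pub enum KeyError { Missing, BadLength(usize), NotHex, NoEntropy }

/// Decode the 64-hex-char ENCRYPTION_KEY format into 32 key bytes.
pub fn parse_key_hex(s: &str) -> Result<[u8; 32], KeyError> {
    if s.len() != 64 { return Err(KeyError::BadLength(s.len())); }
    let mut key = [0u8; 32];
    for (i, pair) in s.as_bytes().chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16).ok_or(KeyError::NotHex)?;
        let lo = (pair[1] as char).to_digit(16).ok_or(KeyError::NotHex)?;
        key[i] = (hi * 16 + lo) as u8;
    }
    Ok(key)
}

/// Env value if set; an ephemeral key only when `dev` is true (assumed flag).
/// A malformed value is an error, never a silent fallback to a throwaway key.
pub fn load_key(env_value: Option<&str>, dev: bool) -> Result<([u8; 32], bool), KeyError> {
    match env_value {
        Some(v) => parse_key_hex(v.trim()).map(|k| (k, false)),
        None if dev => {
            let mut k = [0u8; 32];
            std::fs::File::open("/dev/urandom")
                .and_then(|mut f| f.read_exact(&mut k))
                .map_err(|_| KeyError::NoEntropy)?;
            Ok((k, true))
        }
        None => Err(KeyError::Missing),
    }
}

/// Versioned ring: writes use the current key, older versions stay readable.
pub struct KeyRing { current: u32, keys: HashMap<u32, [u8; 32]> }
impl KeyRing {
    pub fn new(key: [u8; 32]) -> Self { KeyRing { current: 1, keys: HashMap::from([(1, key)]) } }
    /// Install a new key as current and return its version number.
    pub fn rotate(&mut self, key: [u8; 32]) -> u32 {
        self.current += 1;
        self.keys.insert(self.current, key);
        self.current
    }
    pub fn for_version(&self, v: u32) -> Option<&[u8; 32]> { self.keys.get(&v) }
}

fn main() {
    let key = load_key(std::env::var("ENCRYPTION_KEY").ok().as_deref(), true);
    println!("{:?}", key.map(|(k, eph)| (KeyRing::new(k).current, eph)));
}
```

Rejecting a malformed value instead of falling back matters because data written under an ephemeral key cannot be decrypted after a restart.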

Tboy123-emm force-pushed the feat/coordinator-encryption-at-rest branch from 7fef0b9 to 8b504d3 on June 25, 2026 19:40

drips-wave Bot commented Jun 25, 2026

@Tboy123-emm Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Marvy247 (Contributor) commented

@Tboy123-emm Please fix the CI check failures and merge conflicts, then I'll merge

Marvy247 merged commit 43fdbea into HitEmPoka:main on Jun 27, 2026
5 of 11 checks passed

Development

Successfully merging this pull request may close these issues.

Implement coordinator database encryption at rest
