Encryption?
I occasionally get clients that want to build fintech apps. Very often, they have strong security requirements. Usually storing any ssns or personal information cannot be stored in plaintext. Those fields must be encrypted.
Any thoughts on how to do this in convex?
6 Replies
hi @tstepro! all data inside Convex is encrypted at rest. we don't yet officially have SOC-2 compliance but we are working through the process right now and our encryption processes are already compliant with these requirements. this doesn't constitute a legal guarantee until we actually get the compliance checkmark, but the engineering is done
of course one shouldn't be storing plaintext passwords themselves in convex or elsewhere
if you need a level of encryption for personal information additional to what would be provided by SOC-2 then your best bet would likely be to encrypt client-side or within a mutation function
@lee has an encryption demo at https://whisper-convex.vercel.app/
one minor issue you might run into is if the convex runtime used in queries and mutations doesn't support an encryption library that you want to use. we're constantly adding support for js functionality in our runtime but worst-case you could run this as a node action in convex
This is really cool! Thanks @james . @lee , do you have the source for that demo?
GitHub
whisper/README.md at main · ldanilek/whisper
Contribute to ldanilek/whisper development by creating an account on GitHub.
There's also this short post https://stack.convex.dev/end-to-end-encryption-with-convex
End-to-End Encryption with Convex
Implementing end-to-end encryption on top of Convex to build a secret-sharing app.
Awesome, thank you, thank you!
Hello, I think the whisper app is incredibly cool.
Though does anyone have advice for if I just want to implement encryption into my chat feature so the message content is stored in Convex encrypted so I am not able to read user's messages?
I believe I'd want to use public/private keys, im also using clerk so could potentially stoer the keys in clerk apart from convex.. I'm open to ideas - not sure of the best way to go.