Speaker: Lindsay Holmwood
When protecting sensitive data in our apps, everyone uses the same tried-and-true approach: build layers of controls around that data. But there is always a constraint: sensitive data must be stored in plaintext. What if we could encrypt it and perform range, match, and unique queries without ever decrypting it?
In this talk you will learn:
| #EXTM3U | |
| #EXTVLCOPT:http-referrer=https://www.surfline.com/ | |
| #EXTVLCOPT:http-user-agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0 | |
| https://hls.cdn-surfline.com/east-au/au-umina/playlist.m3u8 |
Protecting sensitive data in DynamoDB with searchable encryption
As architects, data security is a non-negotiable attribute of our solution designs. The traditional go-to technique to protect data is to build layers of controls around sensitive data. But there is always a constraint: sensitive data must be stored in plaintext. Why don’t we encrypt it? Because we can’t use it.
But what if we could encrypt it and perform range, match, and unique queries without ever decrypting it? This would allow us to exceed the design principles of the Security Pillar and protect data in transit, at rest, and in-use.
| require "dotiw" | |
| include DOTIW::Methods | |
| availability = 0.999 # three nines | |
| # days per year | |
| # | hours per day | |
| # | | minutes per hour | |
| # | | | seconds per minute |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Deploy CipherStash Proxy to ECS Fargate | |
| Parameters: | |
| VpcId: | |
| Type: AWS::EC2::VPC::Id | |
| SubnetIds: | |
| Type: List<AWS::EC2::Subnet::Id> | |
| SecurityGroupId: | |
| Type: AWS::EC2::SecurityGroup::Id |
| ~/src/github.com/cipherstash/proxy (ci/actually-run-tests *+) | |
| î CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG=true RUST_BACKTRACE=full mise run proxy | |
| [proxy] $ cargo run | |
| Compiling proc-macro2 v1.0.92 | |
| Compiling unicode-ident v1.0.14 | |
| Compiling libc v0.2.167 | |
| Compiling autocfg v1.4.0 | |
| Compiling serde v1.0.215 | |
| Compiling version_check v0.9.5 | |
| Compiling typenum v1.17.0 |
DevOps Sydney is a community meetup intended for networking and collaboration in the developer + operations community.
We value the participation of each member of the DevOps community and want all community members to have an enjoyable and fulfilling experience. Accordingly, all attendees are expected to show respect and courtesy to other attendees throughout the meetups.
To make clear what is expected, all attendees, speakers, organisers and volunteers at any Sydney DevOps event are required to conform to the following Code of Conduct. Organisers will enforce this code throughout events.
We meet on the third Thursday of every month, at Pivotal in Sydney.
If you're taking public transport, we recommend you catch the train to Central and make the short walk from there.
Are you a recruiter? Please follow our rules for participating in the community.
Does your company want to give back to the community? Sponsor a meetup!
| CREATE EXTENSION IF NOT EXISTS pgcrypto; | |
| CREATE TYPE ore_64_8_v1_term AS ( | |
| bytes bytea | |
| ); | |
| CREATE TYPE ore_64_8_v1 AS ( | |
| terms ore_64_8_v1_term[] | |
| ); |
| ➔ be rails s | |
| => Booting Puma | |
| => Rails 7.0.4.2 application starting in development | |
| => Run `bin/rails server --help` for more startup options | |
| Puma starting in single mode... | |
| * Puma version: 5.6.5 (ruby 3.1.3-p185) ("Birdie's Version") | |
| * Min threads: 5 | |
| * Max threads: 5 | |
| * Environment: development | |
| * PID: 18387 |