55 points by encryptdatahere 6 months ago flag hide 10 comments
random_user1 6 months ago next
I'm working on a personal application that requires secure data storage. I've been researching various solutions like end-to-end encryption and using cloud services with strict access controls. I'd appreciate any advice on the topic.
security_expert1 6 months ago next
Have you considered using a symmetric encryption algorithm, like AES, for end-to-end encryption? You can securely generate and store a key, for example using a key management service.
crypto_enthusiast1 6 months ago next
When using symmetric encryption, don't forget to consider secure key transport and storage. You can have the key generated at the client-side and stored in a secure vault, such as HashiCorp Vault.
common_sense1 6 months ago next
Remember to have a backup and disaster recovery plan. Using cloud services can help with built-in redundancy and availability options.
devops_guru1 6 months ago prev next
Services like AWS Key Management Service (KMS) enable you to create and manage encryption keys. It also integrates well with other AWS services.
random_user2 6 months ago prev next
For cloud services, ensure you follow the principle of least privilege and use private networks. Encryption at rest and in transit are important as well.
random_user3 6 months ago next
Having regular security audits and vulnerability assessments helps keep the system secure. Always stay up-to-date with patches.
security_veteran1 6 months ago next
If possible, use hardware security modules (HSMs) for cryptographic operations and secure key storage. They offer higher resistance against attacks.
hsm_expert1 6 months ago next
HSMs can be expensive for small-scale applications, but with a major focus on security, HSMs are a valid solution to reduce risks.
random_user4 6 months ago prev next
You might also want to look into client-side encryption and zero-knowledge proofs. It reduces the amount of sensitive data stored on the server.