User data encryption #33

New Issue

andrew · 2025-09-29T00:38:04Z

andrew commented

2025-09-29 00:38:04 +00:00

Implement a method of encrypting a user's data, using their password as the passphrase. When a user logs in, an encrypted directory of profiles will be decrypted by their password, and made available for the duration of their token's lifetime.

Whenever the user requests a new token, the decrypted files remain available until that new token expires.

When the user's last token expires, the user's files will be re-encrypted using their password.

Implement a method of encrypting a user's data, using their password as the passphrase. When a user logs in, an encrypted directory of profiles will be decrypted by their password, and made available for the duration of their token's lifetime. Whenever the user requests a new token, the decrypted files remain available until that new token expires. When the user's last token expires, the user's files will be re-encrypted using their password.

andrew added the

enhancement

label 2025-09-29 00:38:04 +00:00

andrew added this to the Application Enhancements milestone 2025-10-03 17:26:44 +00:00

andrew commented

2025-10-23 21:26:57 +00:00

Not a good idea, since we would need to keep the user's password in plaintext in memory for the duration of their session.

andrew closed this issue

2025-10-23 21:26:57 +00:00

Sign in to join this conversation.