DocsGuides
Apps
Endpoints
Databases
- Introduction to Databases
- Database Backups
- Database Credentials
- Data Encryption
- Application-Level Encryption
- Custom Database Encryption
- Database Encryption
- Database Encryption in Transit
- Database Endpoints
- Database Scaling
- Database Tunnels
- Replication and Clustering
- Supported Databases
- Deprovisioning a Database
- Database Upgrade Methods
Containers
Stacks
CLI
- Aptible CLI
- aptible apps
- aptible apps:create
- aptible apps:deprovision
- aptible apps:rename
- aptible apps:scale
- aptible backup:list
- aptible backup:orphaned
- aptible backup:purge
- aptible backup:restore
- aptible config
- aptible config:add
- aptible config:rm
- aptible config:set
- aptible config:unset
- aptible db:backup
- aptible db:clone
- aptible db:create
- aptible db:deprovision
- aptible db:dump
- aptible db:execute
- aptible db:list
- aptible db:modify
- aptible db:reload
- aptible db:rename
- aptible db:replicate
- aptible db:restart
- aptible db:tunnel
- aptible db:url
- aptible db:versions
- aptible deploy
- aptible domains
- aptible endpoints:database:create
- aptible endpoints:database:modify
- aptible endpoints:deprovision
- aptible endpoints:https:create
- aptible endpoints:https:modify
- aptible endpoints:list
- aptible endpoints:renew
- aptible endpoints:tcp:create
- aptible endpoints:tcp:modify
- aptible endpoints:tls:create
- aptible endpoints:tls:modify
- aptible environment:ca_cert
- aptible environment:list
- aptible environment:rename
- aptible help
- aptible log_drain:create:datadog
- aptible log_drain:create:elasticsearch
- aptible log_drain:create:https
- aptible log_drain:create:logdna
- aptible log_drain:create:papertrail
- aptible log_drain:create:sumologic
- aptible log_drain:create:syslog
- aptible log_drain:deprovision
- aptible log_drain:list
- aptible login
- aptible logs
- aptible logs_from_archive
- aptible metric_drain:create:datadog
- aptible metric_drain:create:influxdb
- aptible metric_drain:create:influxdb:custom
- aptible metric_drain:deprovision
- aptible metric_drain:list
- aptible operation:cancel
- aptible operation:follow
- aptible operation:logs
- aptible rebuild
- aptible restart
- aptible services
- aptible ssh
- aptible version
Tutorials
- Application Performance Monitoring
- CI Integration
- Aptible Demo App
- Deploying Grafana
- Direct Docker Image Deploy Example
- Dockerfile Deploy Example
- Exposing a Web App to the Internet
- Using Nginx with Aptible Endpoints
- Quickstart Guides
- Setting up Logging
- Automating Database Migrations
- Dockerfile Caching
- Using Domain Apex with Endpoints
- Accepting File Uploads
- Scheduling Tasks
- Serving Static Assets
- Terraform
- How to test a PostgreSQL Database's schema on a new version
- How to dump and restore PostgreSQL
- How to upgrade PostgreSQL with logical replication
- How to upgrade Redis
- How to upgrade MongoDB
- How to use mysqldump to Test for Upgrade Incompatabilities
- How to dump and restore MySQL
Troubleshooting
- Aptible Support
- App Processing Requests Slowly
- This Application Crashed
- before_release Commands Failed
- Build Failed
- Container Failed to Start
- Certificate Signing Requests
- Deploys Take Too long
- git Reference Error
- git Push "Everything up-to-date."
- HTTP Health Checks Failed
- App Logs Not Being Received
- PostgreSQL Replica max_connections
- Connecting to MongoDB fails
- MySQL Access Denied
- No CMD or Procfile in Image
- git Push Permission Denied
- aptible ssh Permission Denied
- PostgreSQL Incomplete Startup Packet
- PostgreSQL SSL Off
- Private Key Must Match Certificate
- aptible ssh Operation Timed Out
- SSL error ERR_CERT_AUTHORITY_INVALID
- SSL error ERR_CERT_COMMON_NAME_INVALID
- Unexpected Requests in App Logs
Application-Level Encryption
Aptible's built-in Database Encryption is sufficient to comply with most data regulations, including HIPAA Technical Safeguards [45 C.F.R. § 164.312 (e)(2)(ii)], but we strongly recommend also implementing application-level encryption in your App to further protect sensitive data.
The idea behind application-level encryption is simple: rather than store plaintext in your database, store encrypted data, then decrypt it on the fly in your app when fetching it from the database.
Using application-level encryption ensures that should an attacker get access to your database (e.g. through a SQL injection vulnerability in your app), they won't be able to extract data you encrypted unless they also compromise the keys you use to encrypt data at the application level.
The main downside of application-level encryption is that you cannot easily implement indices to search for this data. This is usually an acceptable tradeoff as long as you don't attempt to use application-level encryption on everything. There are, however, techniques that allow you to potentially work around this problem, such as Homomorphic Encryption.
📘 Tip
Don't roll your own encryption. There are a number of libraries for most application frameworks that can be used to implement application-level encryption.
Key Rotation
Application-level encryption provides two main benefits over Aptible's built-in Database Encryption and Custom Database Encryption when it comes to rotating encryption keys.
Key rotations are faster
Odds are, not all data is sensitive in your database.
If you are using application-level encryption, you only need to re-encrypt sensitive data when rotating the key, as opposed to having to re-encrypt everything in your database.
This can be orders of magnitude faster than re-encrypting the disk. Indeed, consider that your database stores a lot of things on-disk which aren't strictly-speaking data, such as indices, etc., which will inevitably be re-encrypted if you don't use application-level encryption.
Zero-downtime key rotations are possible
Use the following approach to perform zero-downtime key rotations:
- Update your app so that it can read data encrypted with 2 different keys (the old key, and the new key). At this time, all your data remains encrypted with the old key.
- Update your app so that all new writes are encrypted using the new key.
- In the background, re-encrypt all your data with the new key. Once complete, all your data is now encrypted with the new key.
- Remove the old key from your app. At this stage, your app can no longer need any data encrypted with the old key, but that's OK, because you just re-encrypted everything.
- Make sure to retain a copy of the old key so you can access data in backups that were performed before the key rotation.
Application-Level Encryption
