I'm working on an app where I need to store user locations as latitude and longitude pairs securely. My plan is to encrypt this data before storing it in the database because security is a priority. However, I also need to be able to decrypt the locations so I can query for nearby restaurants. I won't compare user locations against each other, so I won't need to decrypt all values at once. I'm considering using an encryption method that involves a key, which I can keep in a secure place like an .env file. But I'm unsure which encryption standard to use or if there's a better way to handle this overall. Any advice?
3 Answers
There are many encryption methods out there, but just encrypting the data doesn’t fully protect it. If someone hacks your server, they'll get both the data and the key. Try not to store sensitive data like this if possible. If you do need it, then consider real-time querying instead of storing the lat/long details.
I get that, but having some encryption in place at least offers a layer of protection if the database gets compromised.
Using a KMS is a good idea! It securely manages your keys, and you can encrypt and decrypt data using the keys fetched from it. The key should never be hardcoded in your app—always prioritize security!
You might want to rethink storing user coordinates entirely. Instead, consider fetching their coordinates in real time for restaurant queries. But if you do encrypt the data, use a strong library like AES. Just don’t hardcode your keys. Instead, consider a Key Management System (KMS) for storing and managing keys safely. And don’t use the same key for everything; rotating keys or using unique keys per record can help enhance security. Also, be sure to salt the values before encrypting for extra protection.
You’re right, one step is better than none. Just make sure that even if someone accesses the database, they can’t easily get to the sensitive info.