Find ways to encrypt all stored user data

[dominic22]

If the database get compromised the user data should not be leaked, that is why it should be encrypted and decrypted on database layer.

• claim of user
• verifiable credentials

Data which needs to be encrypted:

[identity-docs]->key->secret

[key-collection]->keys->0->secret
[key-collection]->keys->1->secret
....
[key-collection]->keys->4095->secret

[users]->claim
[users]->verifiableCredentials->0
[users]->verifiableCredentials->1
....
[users]->verifiableCredentials->X

[verifiable-credentials]->vc->credentialSubject

[mastrogiovanni]

I implemented encryption/decryption with following limitations:

• encryption key is a constant (need to be a configuration env parameter)
• only identity-docs is encrypted (more need to be added)

This task need however to be paused.

With @michelenati we talked about data encryption and we concluded that the API should not care about it.
If a customer has high security requirements need to use an external database that support that level.
In case this will be the road, then the task will be converted in a check to allow connection to high secure MongoDB instances (e.g. Mongo Atlas)