We prefer to have audit logging in our services that leverage databases. It gives us clarity into sources of where ACL issues might originate as well as gives us a general timeline of activity in our application.
Audit logging is tedious to set up so this gist contains our latest iteration of audit logging support for a sequelize based service.
| 'use strict'; | |
| const crypto = require('crypto'); | |
| const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY; // Must be 256 bits (32 characters) | |
| const IV_LENGTH = 16; // For AES, this is always 16 | |
| function encrypt(text) { | |
| let iv = crypto.randomBytes(IV_LENGTH); | |
| let cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(ENCRYPTION_KEY), iv); |
