@quarterpi
quarterpi / 1 - PII Encryption with Elixir, Commanded, Vault.md
Created January 11, 2022 15:44 — forked from jwilger/1 - PII Encryption with Elixir, Commanded, Vault.md
Quick Code Sample on Encrypting PII with Commanded for GDPR/CCPA Compliance

This code is extracted from one of my private projects as an example of how to implement encryption of PII in event streams using two keys: a master key for each "data subject" that is stored in Vault and never transported to the systems that process the PII, and a key unique to each event that is stored (itself encrypted) with the event.

To be clear, the key that is stored with the data is encrypted by another key that is not stored with the data. The idea is that each "data subject" has an encryption key that is stored in Vault (external). When you encrypt data, the library will:

  1. create a new AES 256 encryption key
@quarterpi
quarterpi / dev_signed_cert.sh
Last active January 2, 2019 03:32 — forked from dobesv/dev_signed_cert.sh
Script to create (1) a local certificate authority, (2) a host certificate signed by that authority for the hostname of your choice
#!/usr/bin/env bash
#
# From: https://gist.github.com/dobesv/13d4cb3cbd0fc4710fa55f89d1ef69be
#
# Usage: dev_signed_cert.sh HOSTNAME
#
# Creates a CA cert and then generates an SSL certificate signed by that CA for the
# given hostname.
#
# After running this, add the generated dev_cert_ca.cert.pem to the trusted root