Encrypting sensitive information with 'encrypt with password' for multiple users

Hi there Wapplers,

A question regarding security:
Let's say I want to securely store clients sensitive information, so I can use the 'encrypt with password method' as described in this topic.

  • And I want clients to be able to decrypt this information and view it in the app.
  • And I want specific users to also be able to decrypt this information and view it in the app.

How does one go about this?

I did read some thread here:

Where they suggest to:

TL;DR: Generate a data-key pair, encrypt the private part with the public key of all users that have write access, encrypt the public part with the public key of all users that have read access.

I am note sure if this would be possible with the 'encrypt with password' formatter. Also I don't yet fully understand how to securely handle the password you use to encrypt and decrypt. Saving this in the server action doesn't seem that secure to me?

As an alternative or addition I found this 1click droplet security suite called 'Acra':

Acra provides selective encryption, multi-layered access control, SQL firewall (SQL injections prevention), database leakage prevention, and intrusion detection capabilities in a convenient, developer-friendly package.

Any thoughts on this matter are highly appreciated :slight_smile:

ps: I am on Nodejs with this project hosted on Digital Ocean droplet with a managed database which is encrypted at rest

Our managed database clusters are encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL.

Would anybody be able to advice on what the most attainable and secure way is to store a encryption key in a Wappler project?