How to enable encryption at rest when using the reflex production setup?

I’m using a similar setup from the docs to deploy my apps:

Something I realized is that the data stored in the database isn’t encrypted by default, right?
Can anybody guide me on how to make sure data at rest isn’t stored in plaintext in the postgres db?

Can also do it myself but imagine others had the same issue and could share experience or ideas!

I personally think it's best if you make your own encryption using md5 or sha algos.

I was also not able to find anything related to database encryption in the reflex docs.

My way around that was using supabase or firebase. Both work pretty well and do all the encrypting for me. Supabase is free so you might give it a shot.

Great, also thinking about supabase, but self hosted.

Do you know whether data is also automatically encrypted when using self hosted supabase? Because at first glance it seems like it isn’t…

For postgres, the simplest option for at-rest encryption would be to create a LUKS partition and bind mount that into the container for the database volume (instead of using a docker volume).

This link explains how to create a LUKS volume inside a file: How to create an encrypted LUKS disk image – Shaakunthala's Miniblog

2 Likes
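The LUKS approach from the post above, as an added example that is not part of the original thread: a one-time setup function plus a preflight check that refuses to start the database unless the data directory really sits on an opened LUKS mapping. The image name `pgdata.img`, the mapping name `pgdata`, the mount point `/mnt/pgdata`, the 10G size and the container data path are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumed names: pgdata.img, mapping "pgdata", mount point /mnt/pgdata.

# One-time setup (needs root and cryptsetup); defined here, never called automatically.
create_encrypted_pgdata() {
  img=$1 mnt=$2
  truncate -s 10G "$img"                  # sparse backing file (size is an assumption)
  cryptsetup luksFormat "$img"            # prompts for the passphrase
  cryptsetup open "$img" pgdata           # creates /dev/mapper/pgdata
  mkfs.ext4 /dev/mapper/pgdata
  mkdir -p "$mnt" && mount /dev/mapper/pgdata "$mnt"
}

# Print the LUKS version (1 or 2) if FILE starts with the LUKS magic, else fail.
# Header layout: "LUKS" 0xba 0xbe, then a big-endian 16-bit version.
luks_version() {
  hdr=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
  case "$hdr" in
    4c554b53babe0001) echo 1 ;;
    4c554b53babe0002) echo 2 ;;
    *) return 1 ;;
  esac
}

# Print the device mounted exactly at DIR, reading a /proc/mounts-format file.
mount_source() {
  awk -v dir="$2" '$2 == dir { src = $1 } END { if (src == "") exit 1; print src }' "$1"
}

# Succeed only if the image is LUKS and DIR is backed by a device-mapper mapping.
# /dev/mapper/* also matches LVM; `cryptsetup status pgdata` confirms the type.
preflight() {
  img=$1 dir=$2 mounts=${3:-/proc/mounts}
  luks_version "$img" >/dev/null || { echo "not a LUKS image: $img" >&2; return 1; }
  src=$(mount_source "$mounts" "$dir") || { echo "nothing mounted at $dir" >&2; return 1; }
  case "$src" in
    /dev/mapper/*) return 0 ;;
    *) echo "$dir is on $src, not an opened LUKS mapping" >&2; return 1 ;;
  esac
}

# Run as: ./preflight.sh pgdata.img /mnt/pgdata
if [ "$#" -ge 2 ]; then preflight "$@"; fi

# Start the database only when the check passes (bind mount, not a docker volume):
#   preflight pgdata.img /mnt/pgdata &&
#     docker run -d -v /mnt/pgdata:/var/lib/postgresql/data postgres
```

The check matters after a reboot: if the mapping was not reopened, the empty mount point still exists and the container would silently write to the unencrypted host disk.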

I don't use supabase self hosted but what I have read is that it's not encrypted. There should be a way to set up an “auth” db which is prebuilt. This one should then have encryption.