For an API call that requires decrypting data it can add about 5-10ms, most of that comes from reading the values from the token database. Encrypting will incur a similar performance penalty (again from the database).…
https://news.ycombinator.com/item?id=16236798 https://news.ycombinator.com/item?id=16237349
The mono-repo of protos has been our approach, and has worked very well for us so far. Only difference is we publish the resulting code for all languages into a single artifact repo, which other projects use as a…
In short, our REST based APIs are done via a YAML syntax, but our newer APIs are through Protocol Buffers. See my other comment for more details https://news.ycombinator.com/item?id=16237349
It's so specific to our architecture that there would be little value in open sourcing it. That being said, there are some lessons we learned along the way that I do think are worth sharing. As I mentioned above the API…
You're correct that it does make certain kinds of analysis more difficult. However that doesn't mean we can't ever get access to the original data. Most of our current BI needs to can be met using the un-encrypted data,…
It's a custom Go application that proxies rest/json based APIs, as well as gRPC/Protobuf.
In addition to the points already raised by ryan_j_naughton, another consideration is how to perform key rotation and cipher upgrades over time. This is a lot more complex if every application is doing it on their own,…
The service is written in-house, but we do use Vault for things like provisioning temporary credentials.
I can elaborate on these points. The service acts more like a key value store (this is a simplified explanation, but for your questions it will do). You give it a value, it gives you back a token, which you can later…
For an API call that requires decrypting data it can add about 5-10ms, most of that comes from reading the values from the token database. Encrypting will incur a similar performance penalty (again from the database).…
https://news.ycombinator.com/item?id=16236798 https://news.ycombinator.com/item?id=16237349
The mono-repo of protos has been our approach, and has worked very well for us so far. Only difference is we publish the resulting code for all languages into a single artifact repo, which other projects use as a…
In short, our REST based APIs are done via a YAML syntax, but our newer APIs are through Protocol Buffers. See my other comment for more details https://news.ycombinator.com/item?id=16237349
It's so specific to our architecture that there would be little value in open sourcing it. That being said, there are some lessons we learned along the way that I do think are worth sharing. As I mentioned above the API…
You're correct that it does make certain kinds of analysis more difficult. However that doesn't mean we can't ever get access to the original data. Most of our current BI needs to can be met using the un-encrypted data,…
It's a custom Go application that proxies rest/json based APIs, as well as gRPC/Protobuf.
In addition to the points already raised by ryan_j_naughton, another consideration is how to perform key rotation and cipher upgrades over time. This is a lot more complex if every application is doing it on their own,…
The service is written in-house, but we do use Vault for things like provisioning temporary credentials.
I can elaborate on these points. The service acts more like a key value store (this is a simplified explanation, but for your questions it will do). You give it a value, it gives you back a token, which you can later…