-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
sqlcipher
SQLCipher is a standalone fork of SQLite that adds 256 bit AES encryption of database files and other security features.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Yep, I just made it tweakable at build, which was always the intent, although I expect the default to be popular.
https://github.com/ncruces/go-sqlite3/blob/67d859a5/vfs/adia...
That's unfortunate about the default parameters, but note that you can also replace the KDF altogether (besides just not using it).
You just need to implement this interface, with any HBSH construction and KDF:
https://github.com/ncruces/go-sqlite3/blob/67d859a5/vfs/adia...
If you keep the HBSH and change the KDF, your file format will be “compatible.”
> PS: I've got nothing against Turso, or libSQL. In fact I spent the last year perusing their virtual WAL API. The problem is that I found no documentation, nor any useful open source implementations of it. If there any I'd be very interested. So, thus far, I also don't have anything that drives towards libSQL.
Hey, this is v and I am an engineer at Turso. We do have some documentation and an example implementation of Virtual WAL
docs: https://github.com/tursodatabase/libsql/blob/ef44612/libsql-...
example: https://github.com/tursodatabase/libsql/blob/ef44612/libsql-...
for an open source implementation, you may check how Bottomless works. Bottomless is another project which does back up like litestream and it internally implements a Virtual WAL.
Bottomless - https://github.com/tursodatabase/libsql/tree/main/bottomless
I am sure we can improve our docs, make it more discover-able and easy to find. I am open to feedback and suggestions!
SQLite encryption at-rest is a hot requested feature of both the “default” CGo driver [1] and the transpiled alternative driver [2]. So, this is a feature I wanted to bring to my own Wasm based Go driver/bindings [3].
Open-source SQLite encryption extensions have had a troubled last few years. For whatever reason, in 2020 the (undocumented) feature that made it easy to offer page-level encryption was removed [4]. Some solutions are stuck with SQLite 3.31.1, but Ulrich Telle stepped up with a VFS approach [5].
Still, their solution seemed harder than something I'd want to maintain, as it requires understanding the structure of what's being written to disk at the VFS layer. So, I looked at full disk encryption for something with less of an impedance mismatch.
Specifically, I'm using the Adiantum tweakable and length-preserving encryption (with 4K blocks, matching the default SQLite page size), and encrypting whole files (rather than page content).
I'm not a cryptographer, so I'd really appreciate some roasting before release.
There is nothing very Go specific about this (apart from the implementation) so if there are no obvious flaws, it may make sense to port it to C/Rust/etc and make it a loadable extension.
[1] https://github.com/mattn/go-sqlite3/pull/1109
How do you feel yours compares with (say) SQLCipher, which is very popular and keeps fairly close to the upstream SQLite releases?
* https://www.zetetic.net/sqlcipher/
* https://github.com/sqlcipher/sqlcipher
Their most recent release (v4.5.7) is based upon SQLite v3.45.3, which is the latest version of SQLite:
* https://github.com/sqlcipher/sqlcipher/releases/tag/v4.5.7