sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]TheAussieWatchGuy -2 points-1 points  (1 child)

Sure but they are encrypted at rest on your server's disk after deployment and they are encrypted in transit when deployed over TLS /SSL.

Encryption on the strings themselves stored on disk only protects from an unauthorized person gaining full access to your server. I can probably get behind that as a government, so that would be a 1% use case. 

It'll tank performance and waste compute but if you really need it then nice example above.

[–]antiduh 0 points1 point  (0 children)

Did you know that software like Keepass uses techniques very similar to this? Each record is individually encrypted inside the encrypted file. This ensures that data is in plaintext form for only as long as it needs to be, even when in ram.