Replicate data encrypted #84

Open
nkosi23 opened this issue Oct 7, 2021 · 1 comment

nkosi23 commented Oct 7, 2021

Hello,

Is there a way to replicate data in encrypted form? My goal is to develop a zero-knowledge web service so I do not want the server to 1) see unencrypted data, and 2) be able to decrypt the data. The CouchDB server is only meant to provide a cloud backup.

Terreii commented Oct 10, 2021

🖖,

Yes, there are even two!
For both options you must look after the _local/crypto doc, to have the salt. And sync it manually. But once #80 lands, this gets easier.


The first one is where you store the data unencrypted locally, but encrypt it when syncing it to CouchDB.

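```js
// Plaintext local database; encryption is applied only on the remote handle.
const localDB = new PouchDB('local')
const remoteDB = new PouchDB('https://example.com/my_db', { auth: { username, password } })
// crypto() returns a promise; start syncing only after it resolves.
remoteDB.crypto(password).then(() => {
  localDB.sync(remoteDB, { live: true, retry: true })
})
```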

Here the _local/crypto doc is stored in the CouchDB db. If you only have one instance, then there is nothing you have to do. But once you make anything where the local docs are not synced, then your users' data will be lost!


The other method is end to end encryption!
You can have multiple PouchDB instances accessing the same DB. Make one that encrypts the data and one to access it encrypted; it will then sync it to the remote db:

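```js
// Two handles on the same local database: localDB encrypts and decrypts,
// while `encrypted` reads the stored docs in their encrypted form.
const localDB = new PouchDB('local')
const encrypted = new PouchDB('local')
const remoteDB = new PouchDB('https://example.com/my_db', { auth: { username, password } })

localDB.crypto(password).then(() => {
  // Sync through the handle without crypto(), so only encrypted docs reach the remote.
  encrypted.sync(remoteDB, { live: true, retry: true })
})

// use localDB to access your data.
```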

Here the _local/crypto doc is never synced! You must do it yourself.

Once #80 lands, you could also make multiple instances with different passwords.


There is also a third option: use garbados/comdb instead of this plugin.
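
Why the salt in the `_local/crypto` doc has to travel with the data, as an added sketch that is not code from this thread or from the plugin. It assumes PBKDF2 and AES-256-GCM as stand-ins for the key derivation and cipher; all function names and sample values are constructed for illustration.

```javascript
// Added illustration: models password + salt key derivation with Node's crypto module.
// PBKDF2 and AES-256-GCM are assumptions of this sketch, not the plugin's internals.
const nodeCrypto = require('crypto')

// Stand-in for the _local/crypto doc: holds the per-database salt and is not replicated.
function newCryptoDoc () {
  return { _id: '_local/crypto', salt: nodeCrypto.randomBytes(16).toString('hex') }
}

function deriveKey (password, cryptoDoc) {
  return nodeCrypto.pbkdf2Sync(password, Buffer.from(cryptoDoc.salt, 'hex'), 100000, 32, 'sha256')
}

// In this model _id stays in clear; every other field is encrypted before leaving the client.
function encryptDoc (doc, key) {
  const { _id, ...fields } = doc
  const nonce = nodeCrypto.randomBytes(12)
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce)
  const data = Buffer.concat([cipher.update(JSON.stringify(fields), 'utf8'), cipher.final()])
  return { _id, nonce: nonce.toString('hex'), tag: cipher.getAuthTag().toString('hex'), data: data.toString('hex') }
}

function decryptDoc (stored, key) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(stored.nonce, 'hex'))
  decipher.setAuthTag(Buffer.from(stored.tag, 'hex'))
  const plain = Buffer.concat([decipher.update(Buffer.from(stored.data, 'hex')), decipher.final()])
  return { _id: stored._id, ...JSON.parse(plain.toString('utf8')) }
}

// Returns the decrypted doc, or null when the key does not match (wrong password or wrong salt).
function tryDecrypt (stored, password, cryptoDoc) {
  try {
    return decryptDoc(stored, deriveKey(password, cryptoDoc))
  } catch (err) {
    return null
  }
}

// Constructed sample data.
const password = 'correct horse battery staple'
const deviceA = newCryptoDoc()
const remoteCopy = encryptDoc({ _id: 'note-1', title: 'tax records', body: 'secret' }, deriveKey(password, deviceA))

// Device B has the right password but generated its own salt: the backup is unreadable.
const deviceB = newCryptoDoc()
console.log('fresh salt :', tryDecrypt(remoteCopy, password, deviceB))
// After copying device A's salt doc by hand, the same password works.
console.log('copied salt:', tryDecrypt(remoteCopy, password, { ...deviceA }))
```

The server-side copy (`remoteCopy`) contains only the id, nonce, tag and ciphertext, so losing the salt doc makes the backup unrecoverable even with the correct password.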
