Encryption of user data at rest

The latest development for MyHomeEnergyPlanner has been encrypting the assessment data in the database for data protection. Now I am wondering whether the same should be done for emonCMS. I am not thinking about feeds, just the information that can identify the user: email, name, location and bio. There can be an argument about the username.

Before I put myself into this mission, I’d like to hear somebody else’s opinion.

2 Likes

Do you mean emoncms.org, self-hosted emonCMS, or both?

Carbon Co-op are running our own instance of emoncms (which probably counts as self-hosted). We are currently investigating what changes (if any) need to be made to our copy of emoncms to ensure compliance with the new provisions in GDPR which require ‘privacy by design’ and strongly recommend de-identification techniques such as pseudo-anonymisation.

I am thinking of both: I would focus on emonCMS v9 (self-hosted), the one we use, but, without having looked in detail, I think all the changes would be done to the user model, so it should work for emoncms.org too.

@TrystanLea

In a bid to move this along a bit… what do people think about encrypting metadata with a separate server key (or a key stored in a KMS)? @cagabi?

Hello @beaylott @cagabi, I think this would be a good idea to explore, great! I'm not sure that I'll get much time to engage fully in the short term, but I'm definitely interested. Should the encryption key be user-supplied, so that only the user can decrypt their own data, rather than a server-wide key?

1 Like

I think it depends on the use case. What we had in mind was the use of a separate server key file which could be used by the models to encipher data. This would mean that if someone gained access to the SQL database directly on the network, or to a dump of it, the metadata would not be readable. Of course it is still readable by anyone possessing the key. This is the server scenario we are interested in, I think.

There is probably also some clever way the user can prevent even the server admins from reading this data, but I think that would require the use of keys local to the user (this is 'zero-knowledge' encryption, I think). This doesn't seem to offer too much, but some people might be interested in it.

1 Like
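The server-key scenario described in the post above, as an added example that is not part of this thread and not emonCMS's own code (emonCMS is PHP; this is written in Go so it runs stand-alone on the standard library). It assumes one deployment-wide key file or KMS key, modelled here by keys generated in memory, and a hypothetical users-table row carrying the fields named in the thread. Each PII column is encrypted with AES-256-GCM, every ciphertext is bound to its row id and column name through the additional authenticated data so a value cannot be moved between users or fields, and a separately keyed HMAC blind index of the email keeps an exact-match lookup working; the username stays in clear as the login handle.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strconv"
)

// ServerKeys is the deployment's key material. A real install would load it from a
// file outside the web root or a KMS; here it is generated in memory (constructed).
type ServerKeys struct {
	aead  cipher.AEAD // AES-256-GCM over the column-encryption key
	index []byte      // separate key for HMAC blind indexes (never reuse the AES key)
}

func NewServerKeys() (*ServerKeys, error) {
	key := make([]byte, 64) // 32 bytes for AES-256, 32 for the HMAC index key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key[:32])
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	return &ServerKeys{aead: g, index: key[32:]}, err
}

// aad binds a ciphertext to one user id and one column, so someone who can
// write to the SQL database cannot move a value between rows or fields.
func aad(userID int, column string) []byte {
	return []byte(strconv.Itoa(userID) + ":" + column)
}

// EncryptField returns hex(nonce || ciphertext || tag) for storage in a text column.
func (k *ServerKeys) EncryptField(userID int, column, plaintext string) (string, error) {
	nonce := make([]byte, k.aead.NonceSize()) // fresh random nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return hex.EncodeToString(k.aead.Seal(nonce, nonce, []byte(plaintext), aad(userID, column))), nil
}

// DecryptField fails on the wrong key, the wrong row or column, or a tampered value.
func (k *ServerKeys) DecryptField(userID int, column, stored string) (string, error) {
	raw, err := hex.DecodeString(stored)
	n := k.aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", errors.New("stored value is not a valid ciphertext")
	}
	pt, err := k.aead.Open(nil, raw[:n], raw[n:], aad(userID, column))
	return string(pt), err
}

// BlindIndex is a keyed hash of a value so exact-match lookups
// ("WHERE email_idx = ?") still work once the column itself is encrypted.
func (k *ServerKeys) BlindIndex(column, value string) string {
	m := hmac.New(sha256.New, k.index)
	m.Write([]byte(column + ":" + value))
	return hex.EncodeToString(m.Sum(nil))
}

// UserRow is a hypothetical users-table row holding the fields named in the thread.
type UserRow struct {
	ID       int
	Username string            // kept in clear: it is the login handle
	EmailIdx string            // blind index so lookup by email still works
	Enc      map[string]string // column -> ciphertext for email, name, location, bio
}

// StoreUser is what the user model would do before an INSERT/UPDATE.
func (k *ServerKeys) StoreUser(id int, username string, pii map[string]string) (UserRow, error) {
	row := UserRow{ID: id, Username: username, EmailIdx: k.BlindIndex("email", pii["email"]), Enc: map[string]string{}}
	for col, v := range pii {
		ct, err := k.EncryptField(id, col, v)
		if err != nil {
			return UserRow{}, err
		}
		row.Enc[col] = ct
	}
	return row, nil
}

// LoadUser is what the user model would do after a SELECT.
func (k *ServerKeys) LoadUser(r UserRow) (map[string]string, error) {
	out := map[string]string{}
	for col, ct := range r.Enc {
		v, err := k.DecryptField(r.ID, col, ct)
		if err != nil {
			return nil, err
		}
		out[col] = v
	}
	return out, nil
}
```

A few practical points this layout forces: the key must live somewhere a database dump or SQL-level access does not reach (a file the web server reads at boot, or a KMS), otherwise the exercise buys nothing; anyone who can run code on the web server, admins included, still reads everything, which is exactly the limit the post above describes; encrypted columns cannot be sorted or searched with LIKE, so every lookup the application performs on them needs a blind index like the email one here; and rotating the key means re-encrypting every row, so the stored format should carry a key version if rotation is planned.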