Supabase Vault is now in Beta

&gt;Group encryption: [...]<p>Came here to ask just about that but I see it&#x27;s on your roadmap already, that&#x27;s good and godspeed with that since encryption is <i>hard</i>.<p>During my PhD, I worked a little while with threshold encryption schemes (sometimes called horcrux encryption schemes, i.e. make n keys, you need at least m of them to perform some operations) (ref. my noob-ish question here ha <a href="https:&#x2F;&#x2F;crypto.stackexchange.com&#x2F;questions&#x2F;74763&#x2F;is-there-an-algorithm-that-allows-to-distribute-elements-securely-between-partie" rel="nofollow">https:&#x2F;&#x2F;crypto.stackexchange.com&#x2F;questions&#x2F;74763&#x2F;is-there-an...</a>).<p>I created a small system that allowed one to reconstruct parametric data from 3D shapes, but if and only if you had at least n pieces of the whole model, because reasons.<p>Reading this announcement, I recalled several things that came up during my research, which apply to this context as well.<p>* How can one make sure that losing one key is not the end of the db (i.e. backup keys)?<p>* How to share db access but not individual keys? (i.e. one key per user BUT all of them can read)<p>* What if encryption is shared by n users but one of them loses their key?<p>* How many keys for encrypting (or just one?), how many of them for decrypting?<p>* Represent all of this in some sort of stateful model, after all it&#x27;s a db (in my case it was files), it&#x27;s meant to be cold storage, everything should to be able to be reconstructed&#x2F;recovered from there.<p>The list goes on and on ...<p>Anyway, just wanted to say that this is a very interesting and promising feature to be found <i>in a database</i>. Great work, I&#x27;m eagerly waiting to get my hands on this.

Vault and pgsodium dev here at supabase, we&#x27;re pretty excited about the Vault, and this is just the beginning of some of the advanced encryption functions that libsodium provides that we want to bring into the Postgres ecosystem.<p>Happy to answer any questions here about how the Vault works now, and always excited to see use cases and suggestions for features from the community. libsodium is a big API, and pgsodium exposes <i>most</i> of it (about 110 functions so far, a few functions don&#x27;t make sense in SQL) so there is a lot of possibilities for new ideas and projects straight into SQL without having to learn the low level C details of using the sodium library directly.

hey hn, supabase ceo here<p>Vault is a Postgres extension that wraps pgsodium&#x2F;libsodium. It enables 2 key features:<p>1. Secrets management - you can store things like API Keys<p>2. Transparent Column Encryption (TCE)[0]. This allows you to encrypt a column in any of your tables, with a View for &quot;selecting&quot; out the decrypted data. It enables &quot;row level encryption&quot; too when you create a key for each row.<p>The blog post details how it works with AEAD[1]. This is a secure way of encrypting &quot;associated data&quot;. An easy way to explain this:<p>Imagine you associated a `user_id` with a `credit_card_number` while you encrypt it. A bad-actor updates the `user_id` to their own ID. When they attempt to decrypt the `credit_card_number` it will fail because the data that is associated is different. (note: please don&#x27;t store credit cards in supabase)<p>We&#x27;re rolling it progressively to the platform over the next month. Michel, the mastermind behind this one will be here to answer the questions that are above my head.<p>this is the last big launch of the week. You can see everything we launched this week here[2]. Some highlights from today: pg_graphql v1.0[3] (re-written in rust), PostgREST 11[4], and PGroonga release for multilingual search.<p>[0] TCE: <a href="https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;transparent-column-encryption-with-postgres">https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;transparent-column-encryption-with...</a><p>[1] AEAD: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Authenticated_encryption#Authenticated_encryption_with_associated_data_(AEAD)" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Authenticated_encryption#Authe...</a><p>[2] Launch Week: <a href="https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;launch-week-6-wrap-up">https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;launch-week-6-wrap-up</a><p>[3]: pg_graphql v1.0: <a href="https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;postgres-point-in-time-recovery">https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;postgres-point-in-time-recovery</a><p>[4]: PostgREST 11: <a href="https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;postgrest-11-prerelease">https:&#x2F;&#x2F;supabase.com&#x2F;blog&#x2F;postgrest-11-prerelease</a>

The velocity at which Supabase releases new tooling (and most of it open source) never ceases to amazing be. Especially on the Postgres front.

&gt; Some of the possibilities we are looking into are: End-to-end encryption, Group encryption, Public Key Management<p>super exciting stuff. you are making security more accessible for a generation of apps which is no small feat.

Very nice. I&#x27;m building a new startup MVP with supabase it&#x27;s been lovely so far. Now if there could be an EC2 competitor I may be able to avoid (re-learning) AWS entirely.

It&#x27;s Christmas at Supabase. These folks be dropping features like gifts every day.<p>Good job!

IS Vault their own extension? I&#x27;m using Postgresql for a service and I&#x27;d love to use this feature. Maybe I should just use supabase as my backend...<p>&quot;I&#x27;m going to have to rethink my ink&quot;

Is there a super-basic starter kit for a CRUD app with user logins to deploy on supabase?