Jian Reis
August 11, 2022

Better safe than sorry: encryption for snapshots

When it comes to securing the sensitive data in your database, we tend to err on the side of caution, which is why we're implementing encryption for Snaplet snapshots.

Privacy and security are really important. We know - it’s part of the reason why we started Snaplet: it’s a pain to get realistic data to code against, and sanitizing a dump of production can be risky. It’s dangerous to have personally-identifiable information (PII) on a local machine, which is why Snaplet automatically detects and transforms PII, and allows you to control those transformations at any time.

In theory, then, Snaplet snapshots should be safe from running afoul of any PII issues. If your snapshot were to end up in the hands of a third party, it wouldn't be of any use or value to a bad actor, because there's no potentially sensitive information inside, and at the very least you wouldn't be in breach of GDPR or other data privacy regulations.

Even so, we think it's better to be safe than sorry, which is why we now support encryption for snapshots. To encrypt your snapshots, you'll need a public key in your config. Running snaplet config setup generates an RSA key-pair, storing the private key in an id_rsa file and the public key in your config.js.

Once your RSA key-pair is set up, snapshots captured via Snaplet Cloud capture are automatically encrypted as part of the capture process, while snapshots captured via the CLI are encrypted when you run a snapshot share command. Encryption happens via the public/private key pair. This means that no one other than you and the team members you share a snapshot with, via the web application or snaplet share, can decrypt your snapshots. Not even us.

Once encryption is set up, all snapshots shared via Snaplet are encrypted by default, but you can specifically opt out using the --no-encrypt flag.

Here’s Snaplet software developer Khaya Zulu giving a demo of encryption:

You can find out more about snapshot encryption by checking the documentation or the release notes.

Keep safe!
