{"id":22496962,"url":"https://github.com/morebec/orkestra-postgresql-personal-information-store","last_synced_at":"2026-04-16T08:35:29.051Z","repository":{"id":49499676,"uuid":"359993009","full_name":"Morebec/orkestra-postgresql-personal-information-store","owner":"Morebec","description":"[READ ONLY] PostgreSQL Personal Information Storage for Orkestra","archived":false,"fork":false,"pushed_at":"2023-03-31T18:46:54.000Z","size":28,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"2.x","last_synced_at":"2025-02-01T23:45:07.353Z","etag":null,"topics":["gdpr","orkestra","php","postgresql","privacy"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Morebec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-21T01:03:21.000Z","updated_at":"2022-07-25T15:52:05.000Z","dependencies_parsed_at":"2022-09-16T07:50:26.365Z","dependency_job_id":null,"html_url":"https://github.com/Morebec/orkestra-postgresql-personal-information-store","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Morebec%2Forkestra-postgresql-personal-information-store","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Morebec%2Forkestra-postgresql-personal-information-store/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Morebec%2Forkestra-postgresql-personal-information-store/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Morebec%2Fo
rkestra-postgresql-personal-information-store/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Morebec","download_url":"https://codeload.github.com/Morebec/orkestra-postgresql-personal-information-store/tar.gz/refs/heads/2.x","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245925695,"owners_count":20694946,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gdpr","orkestra","php","postgresql","privacy"],"created_at":"2024-12-06T20:15:04.055Z","updated_at":"2026-04-16T08:35:28.998Z","avatar_url":"https://github.com/Morebec.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PostgreSQL Personal Information Store\nThis component is a PostgreSQL based implementation of the Orkestra Privacy Component's\nPersonal Information Store. 
It supports encrypting data in the personal store.\n\nIt relies on DBAL for communication with PostgreSQL.\n\n## Installation\nThe component can be installed using Composer.\n```shell\ncomposer require morebec/orkestra-orkestra-postgresql-personal-information-store\n```\n\n## Usage\nCreate a new instance of a `PostgreSqlPersonalInformationStore`.\n```php\nuse Doctrine\\DBAL\\Configuration;\nuse Doctrine\\DBAL\\DriverManager;\nuse Morebec\\Orkestra\\PostgreSqlPersonalInformationStore\\PostgreSqlPersonalInformationStore;\nuse Morebec\\Orkestra\\PostgreSqlPersonalInformationStore\\PostgreSqlPersonalInformationStoreConfiguration;\n\n$connection = DriverManager::getConnection([\n    'url' =\u003e '...'\n], new Configuration()); \n\n$config = new PostgreSqlPersonalInformationStoreConfiguration();\n$config-\u003eencryptionKey = PostgreSqlPersonalInformationStore::generateEncryptionKey(); // Or random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);\n$store = new PostgreSqlPersonalInformationStore($connection,$config);\n```\n\n\u003e Ensure you store the encryption key securely, for example in .env variables or a secret manager.\n\nFor more information on how to use the Store, see the documentation for the [Privacy Component]().\n\n### Disposable Information\nThe information stored in the Personal Information Store can have a `disposedAt` value, which indicates if and when\nthe data should be destroyed.\nThis component ships a `DisposedPersonalDataRemover` service class that inspects the store for expired data and deletes it.\n\nIt should be used in a daemon:\n\n```php\nuse Morebec\\Orkestra\\PostgreSqlPersonalInformationStore\\DisposedPersonalDataRemover;\n\n$remover = new DisposedPersonalDataRemover($store);\n\nwhile(true) {\n    $remover-\u003erun();\n    sleep(60);\n}\n```\n\n## Security\nBecause the goal of this store is to hold Personal Data, the PostgreSQL server must be highly secured against attackers.\nHere are a few ideas to help you get started.\n\n### Client Authentication 
Control\nClient Authentication Control specifies how clients of the PostgreSQL server\ncan connect to it, and whether they are allowed to. This configuration is done in the `pg_hba.conf` file:\n\n```conf\n# TYPE  DATABASE        USER            ADDRESS                 METHOD\nhost     postgres       all             172.20.0.0/24           ident\nhost     all            all             0.0.0.0/0               reject\n```\n\nFor example, the above configuration allows only clients with an IP address in `172.20.0.x` to connect\nto the server on the database `postgres`, using the authentication method `ident`, which works by using the client's\noperating system username.\nBecause this file is read from top to bottom until a match is found, the last line rejects any other connection attempt.\n\n### Server Configuration\nThe security of the PostgreSQL server can also be enhanced by editing\nits server configuration.\nFor example:\n- Changing the default port to something else.\n- Changing the list of allowed client addresses (similar to Client Authentication Control).\n- Using SSL.\n\n## Testing\nTo run the tests, execute the following command:\n```shell\nvendor/bin/phpunit tests/\n```\n\nThe tests require a running PostgreSQL instance with a password-less role `postgres` and a database named `postgres`.\nTo get this set up easily, a `docker-compose` configuration file is available at the root of this project.\n\nTo run it, execute the following command:\n\n```shell\ndocker-compose up -d\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorebec%2Forkestra-postgresql-personal-information-store","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmorebec%2Forkestra-postgresql-personal-information-store","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorebec%2Forkestra-postgresql-personal-information-store/lists"}