https://github.com/edgelesssys/estore
A key-value store that provides confidentiality and "snapshot integrity".
https://github.com/edgelesssys/estore
database encryption
Last synced: 11 months ago
JSON representation
A key-value store that provides confidentiality and "snapshot integrity".
- Host: GitHub
- URL: https://github.com/edgelesssys/estore
- Owner: edgelesssys
- License: agpl-3.0
- Created: 2024-05-06T09:32:23.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-05T15:25:06.000Z (over 1 year ago)
- Last Synced: 2025-06-18T11:53:32.209Z (about 1 year ago)
- Topics: database, encryption
- Language: Go
- Homepage:
- Size: 20.3 MB
- Stars: 5
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# EStore
EStore is a key-value store with authenticated encryption for data at rest.
It's based on [Pebble](https://github.com/cockroachdb/pebble), the key-value store used in CockroachDB.
EStore provides confidentiality *and* integrity for the database state as a whole.
We call this "snapshot integrity."
In contrast, other database encryption schemes typically only provide integrity at the record or file level.
As a result, in those cases, attackers can modify parts of the database state unnoticed.
With these properties, EStore is particularly well suited for use with [EGo](https://github.com/edgelesssys/ego) to build [confidential-computing apps](https://www.edgeless.systems/confidential-computing).
However, you can use EStore in any Go application to store sensitive information in a structured way.
## Example
```go
package main
import (
"crypto/rand"
"fmt"
"log"
"github.com/edgelesssys/estore"
)
func main() {
// Generate an encryption key
encryptionKey := make([]byte, 16)
_, err := rand.Read(encryptionKey)
if err != nil {
log.Fatal(err)
}
// Create an encrypted store
opts := &estore.Options{
EncryptionKey: encryptionKey,
}
db, err := estore.Open("demo", opts)
if err != nil {
log.Fatal(err)
}
defer db.Close()
// Set a key-value pair
key := []byte("hello")
if err := db.Set(key, []byte("world"), nil); err != nil {
log.Fatal(err)
}
// Get the value of the key
value, closer, err := db.Get(key)
if err != nil {
log.Fatal(err)
}
defer closer.Close()
fmt.Printf("%s %s\n", key, value)
}
```
## License
EStore is licensed under [AGPL-3.0](LICENSE).
It uses code licensed under a [BSD-style license](LICENSE.pebble).
You can also get a [commercial license and enterprise support](https://www.edgeless.systems/enterprise-support).