gumboots
WWasp
•Created by gumboots on 3/19/2025 in #đŸ™‹questions
Encrypting email address in db with Email Auth
It was something I wanted to explore. It's not the end of the world if I don't do it, but it would have been nice for me to achieve. I was all "ooooh I think it's less than a dozen lines I'd need to change, I hope I can do it easily" đŸ˜… ah well.
17 replies
WWasp
•Created by gumboots on 3/19/2025 in #đŸ™‹questions
Encrypting email address in db with Email Auth
These are great points, thanks for such a considered response.
I was hoping to encrypt the email addresses because of mental health factors in the user base. A large portion is likely to be concerned about any of their data being linked back to something that could identify them. They might also have memory challenges, so i still need a forgot password mechanism.
Aside from email address there'd be one text field that could contain PII, but encrypting a custom data field is much easier than a login email address.
Even though I can guide them on "hide my email" tools and things, being able to say "even we don't know your email address, it's not in plain text in the database" could go a long way in helping them feel comfortable, and so more likely to use the tool. I know it's a huge pain in the butt and rarely done, but it's an easily understandable thing to put forward as reassurance to non tech users. I guess it's more about perception?
Aside from using email as a mechanism for password reset, we have no emails or newsletters, no marketing, no direct contact. News / updates would be through the app itself. Most features free. With a bit of extra work I can integrate with a payment provider based solely on customer id, though payment success / failure / receipt would all need to be communicated in the app itself (in my case, this is fine).
So I was thinking one way encryption... at the moment I can't see I'd have a need to decrypt the email address.
17 replies
WWasp
•Created by gumboots on 3/19/2025 in #đŸ™‹questions
Encrypting email address in db with Email Auth
Well that's frustrating, considering that I was thinking that all I need to do is encrypt the email address before it's saved on a sign up, and then tweak the parameters on login + signup +reset pwd to encrypt the email address before searching for a matching user. Damn
17 replies
WWasp
•Created by gumboots on 3/19/2025 in #đŸ™‹questions
Encrypting email address in db with Email Auth
@kapa.ai I'm not sure this is what I want. In the code below, I think this will still store their email in plain text, but also add extra data to store the encrypted email? I need a solution where the email is never stored in plain text.
await createUser(
providerId,
providerData,
// Store encrypted email in User entity
{ encryptedEmail },
)
17 replies