Cryptography
dqlite itself does not use any cryptographic technologies. The transfer of data between nodes during replication is the responsibility of the driver. In the go-dqlite driver, for example, data is transferred over a socket secured with TLS.
Hardening guidelines
If sensitive data is stored within a dqlite database, ensure that it is not usable in the form stored (e.g. no plain-text passwords). Dqlite does not protect against an someone manually inspecting the underlying SQLite database.
Decommissioning a dqlite instance
To delete a dqlite database, be sure to:
- Delete the main database file
- Delete the write-ahead log (
*.db-wal), next to the main file - Delete the shared memory map (
*.db-shm), next to the main file - Delete any logs (check where the system integrating
dqlitestores these)
Reporting vulnerabilities and bugs
All bug reports are welcome! Please be aware of the dqlite security policy and the Ubuntu Security disclosure and embargo policy.