Hi,
I wish to use Realm/Device Sync and my concern is about security. Can the user’s data be encrypted on Atlas?
Thank you!
Hi,
Communication between the device and app services is over HTTPS/WSS, so you get SSL encryption. However, the Device Sync server needs to inspect the data to properly handle and resolve conflicts, before inserting the data into Atlas.
If you want E2E encryption you can roll it yourself by storing sensitive fields as encrypted binary fields. See this repo for a good example/description: https://github.com/realm/realm-kotlin-samples/tree/main/AppServicesUsageSamples/apps/property-encryption
We cannot really make use of MongoDB’s field-level encryption at the moment as doing so would likely require giving Atlas Device Sync the encryption keys (which is in some ways counter to the entire point of FLE).
We are thinking through some of these use cases to try to get a better sense of what the real concerns and use cases are so that we can make sure we build the right thing to address concerns, if you have any more specifics I would be happy to add them to our notes document on this topic.
Best,
Tyler