Encrypting Sensitive Data

Azareal

Encrypting sensitive data is an important part of OWASP's Top 10 and the European Guidelines no one likes. Such treatment is usually reserved for the most paranoid cases like storing messages from Discord (it's in their TOS) or credit cards, but a case could be made for it to help make it harder for adversaries to steal data.

Several important ones may include Passwords (in addition to hashing them), IP Addresses, Emails, PMs, and maybe messages from particularly sensitive forums.
The encryption key could be passed in by the admin to the app or even held in something like Vault, and then it could decrypt these bits of data on the spot, so that the database never knows what it's holding.

Maybe, additional security measures could be added too?
 