As the days were getting shorter, our pull requests were getting longer, and here we are now, proud to present Acra 0.83.0. Its distinctive new feature is the AcraRotate utility, which allows you easily rotate the storage keys on a regular basis or perform an emergency key rotation if you’ve detected (or suspect) a compromise of the client app.
SQL filtering got more flexible — the new 6 patterns (including SUBQUERY and LIST_OF_VALUES) allow deep customisation for configuring the accepted queries and blocking malicious requests.
Starting with Acra 0.83.0, all of the current documentation for Acra can only be found on the Cossack Labs Documentation server (you can also find the documentation for our other product, i.e. Themis and Hermes).
One of the easiest ways to try Acra is to deploy it with Docker However if you don’t wish to install a thing, but still want to experience the full might of Acra, we are proud to present the Acra Live Demo — a web-based demo of a typical web-infrastructure protected by Acra and deployed on our servers for your convenience. Encrypt data from a Python application, store it in a PostgreSQL database, decrypt data through Acra – in just one click. Try to run malicious SQL queries and watch how they are blocked by AcraCensor.
Request access to Acra Live Demo now, it’s free!
Some other noteworthy updates in the new version of Acra:
Core
Security
Updated the default and allowed TLS configurations (#254).
Improved security of transport connection between Acra's services by validating the clientId length. This decreases the chance of misusing the clientId (#253).
Key management
Added AcraRotate utility for rotation of Zone keys and re-encryption of AcraStructs. AcraRotate generates a new Zone keypair for a particular ZoneId and re-encrypts the corresponding AcraStructs with new keys. ZoneId stays the same (#256, #239).
AcraCensor – SQL filter and firewall
Improved SQL filtering through more complex pattern matching (#264, #263, #262, #238). Read the detailed description and usage examples on the AcraCensor page on DocServer.
AcraWriter
Added Java/Android AcraWriter library, added examples and tests (#252). Read the usage guide and examples in examples/android_java folder.
Added SQLAlchemy type wrappers for the Python AcraWriter (#257).
Improved and refactored the Python AcraWriter example of encrypting data and reading it from the database (#258).
Prometheus Metrics
Added functionality for exporting the basic metrics of AcraServer, AcraConnector, and AcraTranslator to Prometheus (#260, #251, #234).
Else
Improved AcraConnector's compatibility with PostgreSQL: AcraConnector now correctly handles the database's denial to use TLS connection (#259).
Added export of CLI parameters for AcraServer, AcraConnector, and AcraTranslator to markdown (#261).
Improved readability of CEF-formatted logs by sorting extension fields in alphabetical order (#255).
Improved quality of our codebase — cleaned up the old unnecessary code (#250).
Infrastructure
Added AcraRotate as a ready-to-use tool inside AcraTranslator and AcraServer Docker containers (#236).
Documentation
Made the Documentation Server the primary and the only regularly updated source of documentation for Acra. The most recent version of the documentation, tutorials, and demos for Acra can be found there.
AcraCensor: updated the details on how the "patterns" filter works.
AcraRotate: added a tutorial for using AcraRotate to rotate Zone keys and re-encrypt the data.
Tons of small fixes here and there to make your overall experience of using Acra's docs on a new platform distinctive and smooth ;).
To read about the new release in all the details, see the changelog for Acra 0.83.0.
