The main new features of Acra 0.84.0 are based around the DevOps’ needs – they eliminate the need to have a deep knowledge of secure development and cryptography to protect your data using Acra. Logs, metrics, and full-scale tracing will help during the deployment and usage of Acra. You can export them to your favourite tools (i.e. ELK, Prometheus, Jaeger) and monitor Acra’s load, performance, and behaviour, in real-time.
Great things are planned for the next few releases. We will unfold several unique technologies that are the next major step in security for many Acra users. These technologies are:
Running SQL queries over encrypted data. The upcoming search scheme will allow including Acra-protected records in WHERE clauses of SQL queries and perform proxy-side lookups (search) over the protected lists of data. This allows utilising cryptography fully even where search over protected data is required.
Alpha version of pseudonymization library / plugin for Acra that enables transparent pseudonymization with controled level of risk against mass leakages.
The next generation of Acra's log system that will feature (optional) cryptographic security measures and secure offloading to enable protection against tampering for logs in case some parts of the system get exposed to an attacker.
Noteworthy updates in Acra 0.84.0:
Key management. Improved LRU cache, which is used for quick access to in-memory keys in AcraServer and AcraTranslator (private keys are stored encrypted) (#272).
Improved AcraRotate utility: added "dry-run" mode in which AcraRotate doesn't rotate keys, but allows checking the readiness and availability of all the necessary permissions and components for performing secure key rotation (#269).
Added C++ AcraWriter library with examples and tests (#270).
Logging. Improved logs of AcraConnector and AcraServer (#275).
Improved startup logs: log process PID on start of AcraServer, AcraConnector, AcraTranslator, and AcraWebConfig (#275).
Fixed timestamps: do not overwrite logs' timestamps (#273).
Tracing with OpenCensus.
Added tracing with OpenCensus: AcraServer, AcraConnector, and AcraTranslator track every request from client application to the database and back. Traces can be exported to Jaeger (#279, #276, #274).
Improved AcraServer's connection handling (#275).
Improved AcraCensor's handling of prepared statements for PostgreSQL binary protocol (#280).
Improved handling of terminating packets (COM_QUIT for PostgreSQL and TerminatePacket for MySQL) to correctly handle the closing connections from clients (#275).
Refactored inner logic of AcraCensor: improved code quality and stability, added more tests that use more patterns (#268).
Dropped support for Go versions below 1.9.(only affect the users who build Acra manually from sources). You can install the pre-built Acra components shipped for various Ubuntu, Debian, and CentOS distributives using Installation guide. Alternatively, you can check out our Docker images and Docker-compose files in docker folder (#277).
Tested Acra suite with PostgreSQL v11 and MariaDB v10.3 and updated docker compose examples and Acra Engineering Demo to use it (#278).
Published Acra load balancing demo: it illustrates some of the many possible variants of building high availability and balanced infrastructure based on Acra data protection suite components, PostgreSQL, and Python web application. We used HAProxy – one of the most popular high availability balancers today.
Updated AcraStruct Validator – an online tool that can decrypt your AcraStructs.
Added a short guide for installing and using AcraWriter for C++.
AcraRotate: added description and notes about "dry-run" mode.
Updated documentation for logging, collecting metrics, and tracing in Acra.
Many small fixes here and there to make your overall experience of using Acra's docs on a new platform distinctive and smooth ;)
Don’t want to install Acra just yet? Request access to Acra Live Demo now, it requires no coding and is free!
Stay tuned. Exciting things are coming soon!