[Techtalk] mongodb with encryption?

[John Sturdy]

Hi,

I've been writing a membership and training management database system for
my local hackerspace, and because of GDPR I've been asked to separate out
the Personal Identifying Data (basically any profile data that could be
used to harass someone) into a separate, encrypted database, which is to be
encrypted at rest.  The overall architecture of the system is that login,
sessions, authentication, and URL dispatch are all handled by django, but
then the rest of it is handled in my python code, which supplies view
functions for django to use (i.e. my code makes up the whole page string,
without using django templates etc).  My code uses mongodb for all its
storage.  I've done it this way partly because I'm familiar with mongodb
and templateless HTML generation in python (in the way described at
https://bitbucket.org/tavisrudd/throw-out-your-templates/src) but not with
django and relational databases; and I want the flexibility that mongo
provides, and don't want to have to do django migrations whenever the form
of a user profile changes.

My original idea was to keep information such as names and addresses in the
database that django uses to manage user accounts, but when I saw about
having to do migrations when these change, I decided I'd rather put almost
all that information into mongo, leaving a minimum (name, email and a UUID
to link the to the mongo database) in django's database, for flexibility
and minimal technical hassle, and also because we want to get the project
up and running ASAP.

I'd been assuming that keeping the user profile database on an encrypted
filesystem would be as good as using a database that does encryption
itself.   However, the hackerspace committee's GDPR expert is encouraging
me to use an encrypted SQL database for this, but I really don't want the
learngin