Design and document storage needs
Created by: flying-robot
Context
Implementing 2FA implies secure storage of various metadata, as well as activity logging. With a TOTP package and recovery code format determined, we can design the database schemas and perform some back-of-envelope calculations on storage requirements.
Tasks
- Discuss with security how to securely store TOTP secrets
- Discuss with security how to securely store recovery codes
- Discuss with security what audit logging information should be recorded and where
- Design schemas for this metadata and its relationship to other entities (users, organizations, etc.)
- Draft migrations that implement the proposed design